Once a breach has been discovered, the victims may feel at a loss and not know what to do next. But with prompt, decisive action, companies can mitigate damage and bolster their network against future attacks.
Examine the breach – It is important that the IT department understands the details of a breach in order to learn how to clean up and protect the network moving forward. Companies can do this in-house, or they can hire digital forensics firms to perform the investigation. Either way, companies need to find the door that was used to get into the network and discover what information was put at risk.
Report to authorities, depending on losses – If the security breach was more than just an average malware infection and sensitive data was stolen, it should be reported to authorities, who can help strengthen the investigation and take action if the cyber perpetrator is found. Keep in mind that some authorities may have a threshold on the size of breach that they are willing to look into. Nonetheless, if your compromise is significant, you should still report it.
Patch the discovered holes – When the breach is investigated, IT staff are generally able to identify where the hackers got in. The next critical step is to ensure that door is shut (and locked) as quickly as possible. Other weaknesses in security defenses may be uncovered during this process, and those should be addressed with the same rigor to prevent entry from other points in the network.
Recover from backups – You are backing up, aren’t you? If systems are infected, a business will need to recover its systems from a backup in order to reduce the amount of information lost from the breach. Remember, performing regular, comprehensive system backups for business continuity and disaster recovery is a no-brainer for a smart information security strategy.
Change all passwords – Depending on what systems or networks the attackers accessed, it is possible they could have stolen important passwords that will most certainly result in further access into the system, or into personal employee information such as email or social networking sites. Always compel everyone who accesses the compromised network to reset all passwords after a breach.