If the likes of Yahoo, Google and Apple can be hacked, then there is always a chance that your company isn’t completely safe from a data breach. Hackers are getting more resourceful and threatening every day, with cybercrime reaching an all-time high in recent years. So, if such an unfortunate incident does affect your organization, what steps can you take to deal with it and keep the reputational and financial damage to a minimum?
Pre-determine a Response Protocol
Every company at risk of a data breach should already have a response protocol in place for just such an emergency, so that the tense and dangerous situation can be handled before time runs out. Part of the response protocol should involve hiring a white hat hacker team for your company, or at least having one available when required.
The Response Protocol Needs a Diverse Team to Carry it Out Effectively
You need a response team to react to the emergency and carry out the pre-decided response protocol. The team should consist of the following members from various departments of the organization:
• The Chief Risk Officer should lead the response steps
• Include several members of the IT team who can have valuable input in such situations
• That white hat hacker team mentioned earlier will be the key personnel in repelling the attack
• The PR and privacy officials should work together to keep the matter from becoming public too soon
• Consult the legal team to understand the legal ramifications of the situation and to decide on a plan to counteract them
Call in the Digital Forensics Team
Most companies do not have a specialized on-site digital forensic investigation team, but fortunately, that is not a problem. Secure Forensics provides on-site digital forensic investigation for companies that have suffered a data breach, with complete secrecy and impressive results.
They can conduct on-site digital forensic investigation on Macs, PCs, servers, all mobile devices and even cloud storage systems to trace the problem back to its roots and reveal the gap in security that allowed the breach to occur. Secure Forensics will also collect evidence regarding the cybercrime by working closely with your legal team, which can prove invaluable if lawsuits are imminent.
Common Steps for Containment and Prevention
The next priority is containing or minimizing the damage as best as possible, which would require taking some or all of the following steps, depending on the advice of the technical team members.
Disable Internet Access
It may not be enough if the malware has already been downloaded, but disconnecting your affected machines from the network will minimize the hacker’s efficacy. Keep in mind that manual disconnection might be necessary.
Tell Everyone to Change their Passwords
Everyone with any direct or indirect access to the main system needs to change their passwords immediately, although it may seem rudimentary.
Prepare the Emergency Patch
Your developer team should already be working towards an emergency patch to seal the gap in security, at least temporarily, until a more permanent update can be prepared.
Assess how bad the breach is and how much data was stolen before it could be managed. Depending on the severity of the breach, you might be legally required to inform the affected clients and everyone else about the breach, including the authorities. It may not feel intuitive at the time, but it’s still better if they find out from you. This allows your users to take precautionary measures themselves, and the honesty will look better in court if there is litigation.