No matter what type or size you consider your business to be, every system is prone to a data breach. Some due to fraud, others due to corporate espionage, but no matter the intent – the fact remains that your system is prone to compromise. So the question of “if” should not be in our heads, but “when” unauthorized access take place, how will we handle it? Believe it or not, this is a common problem in today’s massively connected world. The following post will outline the top thing you should consider if your data has been unlawfully accessed. But before we dive too deep, let’s discuss what a data breach is.
What is a data breach?
This is an instance when delicate, protected or confidential data is either viewed, copied, stolen or transmitted by an unauthorized individual. Given the massive expansion of networks on the internet as well as the greedy nature of some of the individuals mandated to protect data, no data is 100% safe. This is why companies are turning to the latest sophisticated technology to prepare for the inevitable.
Recent statistics from IBM show surprisingly high figures on costs incurred by businesses today due to cyber-attacks. With an estimated losses averaging $6.5 million on breach of data and a lost or stolen individual record ranging up to $217, leaking or unauthorized access is gradually becoming a “cancer”. It seems that if nothing is done these estimates are expected to dramatically rise in the near future. Even companies that are considered “big” like Anthem, Ebay, and the FBI have all at one time or another had their data breached. This results in an unintentional punishment to the breached company when judged by client perception whose private data has been leaked and their digital information has been stolen.
According to informationisbeautiful.net’s online database of the largest breaches, hacking was the number one cause of data breaches from 2014-2016:
How do you minimize the impact of a breach?
Compared to a few years ago, security today is no longer considered an IT problem, but is instead a business problem. The executives are required to come up with a working plan for data recovery in cases of breaches, and actions for managing the impact of the stolen data for who’s been impacted.
Preparation for any business is always important, but consider these areas as a focal point for breach response:
Changing all the passwords
The most basic thing to do immediately when you suspect a breach is to change all the passwords. If they were easy before, avoid using names and add symbols to make them hard to guess. Avoid keeping copies of these passwords in a computer and make sure you use different passwords for different accounts.
Understand the root cause
Instead of guesswork, effective forensics can be explored to analyze traffic and instantly give the root cause of an event. If these measures are in place they can even provide this information in real-time. If you do not have this expertise in-house, then hire an outside firm to properly setup these security systems proactively and/or perform retroactive security analysis. These systems and investigations will capture data traffic throughout the environment, record network information for analysis, search and inspect the environment, and finally give a report of all findings which exposes network vulnerabilities.
Communicating during a breach response is important whether internal or external. Internal communication informs employees and involves everyone in the response such as the tech specialist, client service managers, PR team, and much more depending on the organizational structure. External communication involves direct mail or emails to clients, press-releases including giving interviews from company leaders, and taking actions that show you are mitigating the situation. This is practiced by;
- Being open and sincere; admitting mistakes and accepting responsibilities
- Provide appropriate details of the situation at hand
- Relying on the company’s recovery plan
- Educate on future prevention measures
- Invite both private and public parties to dialogue
Moving to proactive security model
Although it may sound as a sophisticated process, the transition to a proactive model can actually be easy. This move will create a more defensive approach to security. Take an example of a malware that has gone past the firewall into the system. To counter this, create a multi-layered strategy to include solutions such as patching, white-listing and privilege management to limit pathways for malware to fetch sensitive data. Implementing such technologies is critical because the internet continues to host gateways for malware in organizations. Sandboxing, where web browser threats are isolated behind the scenes while employees continue to work freely, can also help limit these breaches.
Research your state’s law
Never assume a breach when it first suspected – ensure the detailed scope of impact is known and how the government interprets that size of data compromise. Immediately assuming a breach and publicly announcing it in haste can cost the company a lot socially, emotionally and/or financially. Carry out research on your state’s law and find out the step to take once you suspect data has been compromised. You will find information on whether your breach fits one’s detailed by law including whom to notify and how. Hiring a lawyer is a recommended option if you are not well versed with the whole legal process.
A data breach is never an easy thing to deal with, but by following the proper plans and taking the appropriate actions, you can recover, and in many instances be better prepared for the future. If you are fortunate enough to have not dealt with a data breach, consider taking the proper actions to ensure you are prepared when faced with one. Put a plan in place for managing a data attack. Be proactive with your security and protect your environment with encryption and monitoring. You cannot make yourself 100% secure, but you can be well prepared.