In the wake of Uber announcing they kept a data breach quiet and paid off their attackers, we thought it was important to inform you of the steps to take if you suspect a data breach.
A data breach is a security incident where sensitive, protected or confidential information is copied, transmitted, viewed, stolen or used by an individual who is unauthorised to do so. An example of a data breach is the theft or loss of digital media, such as hard drives or laptop computers, on which the information is unencrypted (not converted into a code that would prevent unauthorised access). The information can then be released to the internet or other third-party individuals.
ISO/IEC 27040 defines a data breach as: compromise of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to protected data transmitted, stored or otherwise processed.
If you suspect a data breach in your business or even on your personal computer, there are steps you can follow to ensure a smooth procedure to get your systems back to working order and protected so future attacks don’t happen.
Address the Breach and Contact your IT Support – if you suspect that there is a data breach, the most important thing to do is address it. Never ignore a suspected data breach, even if it turns out not to be one. Data breaches can be time sensitive, i.e. the longer you leave it, the more data can be stolen, so the best thing to do is address it immediately and get it fixed as fast as possible.
Whether you have an in-house IT technician or use an external IT company, you need to make sure you contact them immediately as they will be able to fix the issue. IT support will also be able to see what information and documents have been compromised and the extent of the breach. IT support may also be able to contain the threat, so it doesn’t spread any further.
Uncover the Cause of the Breach – once IT support is on hand to check the situation, they will be able to uncover the cause of the breach. Finding out the cause of the breach is important as this can determine how best to fix the issue.
Backup – having backups should be a standard for any business, regardless of size. Having backups assures fast recovery of documents in case of attacks like data breaches. Backup logs are a feature of backup applications that record the events that occur during a backup process.
These logs can be used not only for recovery: admins can also use them to compare changes in the network before and after the breach. Checking the logs may reveal valuable data about the firewall, the domain name system (DNS), the web servers and other security events, all of which can lead to a possible conclusion on how the network was breached.
Be Open with Your Clients and Regulators – if you have a lot of clients and store sensitive information, it is best to let them know about the data breach. Being transparent is important as it keeps you honest and can help your relationship – imagine if they found out after the fact; that wouldn’t look good for your company.
Further Analysis – when IT support has fixed the bulk of the issues, the best thing to do is keep them on hand for further analysis in the days following the attack. They can check if the networks and systems are running as they should and conduct penetration testing to detect if there are any vulnerable spots. Read our blog on penetration testing to find out more on the subject.
Futureproof – once the breach has been fixed and your computers, servers and networks are safe, the best thing to do is learn from the data breach and prepare yourself for next time. Most companies will already have IT and computer policies in place to protect their systems and networks from these types of events; however, these can be overlooked or even forgotten. Now would be a good time to update these policies and circulate them again to refresh people’s memory.
Another good thing to do is train your employees and prepare them for events like this. Make sure they are aware of what a breach looks like, how to identify suspicious emails, and the protocols to follow when a breach is suspected.
We would also recommend that all organisations achieve the UK Government recognised Cyber Essentials Certification, which is an accreditation that allows businesses to demonstrate to their customers, suppliers, investors and insurers that they have implemented essential security controls to manage their cyber risk. Cyber Essentials can reduce a business’s risk of attack by up to 80% and is available through Capital Network Solutions, the UK’s leading Cyber Essentials certification body.
If you suspect a cyber breach or are interested in Cyber Essentials certification, call our team now on 0345 305 4118