A step-by-step guide to immediate incident response and remediation
Being under cyber attack is a highly stressful time for an organization. Tensions run high, and in many cases different teams have conflicting priorities for containing the attack.
Here is a clear and practical step-by-step guide on what to do after discovering a security breach.
- Contain the data breach
Contain the breach by identifying exactly which servers have been compromised and isolating them as rapidly as possible, so that the attacker cannot spread to other devices or servers.
Isolate rather than wipe. The evidence on those systems (disk contents, memory, and logs) is needed to diagnose how the breach happened, so do not delete data or reimage hosts before that evidence has been preserved.
These are some immediate steps you can take to contain a data breach:
- Consult your organization’s IT or cybersecurity department if there is one
- Install available patches and complete any pending security updates on systems that have not been compromised. Patching or rebooting a compromised host before it has been imaged can destroy the evidence you need.
- Inspect and fortify your firewall settings
- Disable remote access to your systems
- Change every affected or at-risk password at once and replace each one with a strong, unique password. Do not reuse a password across accounts: one reused credential lets an attacker unlock several systems, whereas a different password per account limits the damage.
- Inform organizations that are connected with your systems, alerting them to the breach and requesting their IT teams to step in immediately.
- Assess the extent of the data breach
A business hit by a data breach should try to determine whether it was the sole target of the attack or one of many organizations hit in a broader campaign.
If it is the latter, watch for updates from reliable sources tracking the campaign. Either way, work out exactly how the breach took place within your own systems so that the defenses can be fortified against future attacks.
It is imperative to determine:
- The network connections that were online when the attack took place.
- The people who had access to the servers that got infected.
- The extent of the impact, who among your employees, third-party vendors, and customers may have been affected, and how severely.
- What information was accessed, whether any personal or financial data was compromised. If account info or credit card information was compromised, inform banks and credit card companies to monitor or temporarily block the accounts and cards to hold any suspicious activity in check. Also assess the risk of personal identity theft.
- How and when the attack began: review the logs from your intrusion detection system, email provider, firewall, and antivirus or endpoint software, and correlate them on a single timeline so that events from different sources can be matched up.
An expert cyberattack investigator can also help you get answers to all these questions, in addition to getting the best guidance to prevent future attacks.
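The questions above (when the attack began, which servers the attacker reached, and who had access to them) are answered by reconstructing a timeline from the available logs. The script below is an added example and is not code from the original article: it parses a few constructed firewall, SSH authentication and IDS alert lines, normalises their timestamps to UTC, merges them, and then follows the attacker forward in time to find lateral movement and the accounts used on the compromised hosts. The log formats, host inventory, IP addresses and account names are all assumptions made up for the example.

```python
# Added example, not code from the original article. Every log line, host, IP,
# account and log format below is an assumption constructed for illustration.
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Event:
    ts: datetime         # normalised to UTC so the three sources can be merged
    source: str          # which log the event came from
    src: str             # source IP
    dst: str             # destination IP (syslog hostnames are mapped via HOSTS)
    user: Optional[str]  # account, where the log records one

# Assumed asset inventory: syslog hostnames -> the IPs the firewall sees.
HOSTS = {"web01": "10.0.0.5", "db01": "10.0.0.7"}

# Constructed sample logs. 198.51.100.23 is the attacker IP the investigation
# starts from; the 00:50 firewall line is pre-attack background traffic.
FIREWALL_LOG = """\
2024-03-02T00:50:00Z ACCEPT src=10.0.0.5 dst=10.0.0.9 dport=443
2024-03-02T01:12:09Z ACCEPT src=198.51.100.23 dst=10.0.0.5 dport=22
2024-03-02T02:05:17Z ACCEPT src=10.0.0.5 dst=10.0.0.7 dport=22
"""
AUTH_LOG = """\
Mar  2 01:12:30 web01 sshd[4112]: Accepted password for svc_backup from 198.51.100.23 port 51022 ssh2
Mar  2 01:40:02 web01 sshd[4190]: Accepted publickey for alice from 10.0.0.50 port 40212 ssh2
Mar  2 02:06:00 db01 sshd[7721]: Accepted password for svc_backup from 10.0.0.5 port 39810 ssh2
"""
IDS_LOG = """\
03/02/2024-01:12:05.112  [**] SSH brute-force attempt [**] 198.51.100.23:51001 -> 10.0.0.5:22
"""

FW_RE = re.compile(r"^(?P<ts>\S+) \w+ src=(?P<src>\S+) dst=(?P<dst>\S+) dport=\d+$")
AUTH_RE = re.compile(r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
                     r"Accepted \w+ for (?P<user>\S+) from (?P<src>\S+) port \d+")
IDS_RE = re.compile(r"^(?P<date>\d\d/\d\d/\d{4})-(?P<time>\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\] .+? \[\*\*\] "
                    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+$")
UTC = timezone.utc

def parse_firewall(text):
    events = []
    for m in filter(None, map(FW_RE.match, text.splitlines())):
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=UTC)
        events.append(Event(ts, "firewall", m["src"], m["dst"], None))
    return events

def parse_auth(text, year=2024):
    # Classic syslog lines carry no year, so the caller supplies it; times are assumed UTC.
    events = []
    for m in filter(None, map(AUTH_RE.match, text.splitlines())):
        ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
        events.append(Event(ts.replace(tzinfo=UTC), "auth", m["src"], HOSTS.get(m["host"], m["host"]), m["user"]))
    return events

def parse_ids(text):
    events = []
    for m in filter(None, map(IDS_RE.match, text.splitlines())):
        ts = datetime.strptime(f"{m['date']} {m['time']}", "%m/%d/%Y %H:%M:%S").replace(tzinfo=UTC)
        events.append(Event(ts, "ids", m["src"], m["dst"], None))
    return events

def first_seen(timeline, indicators):
    # When did it start? The earliest event in which an indicator appears.
    return next((e for e in timeline if e.src in indicators or e.dst in indicators), None)

def trace_lateral_movement(timeline, indicators):
    # Which servers were compromised? One chronological pass: any host that an
    # already-compromised IP connects to joins the set, so a connection a host
    # made *before* it was compromised (the 00:50 line) is correctly left out.
    compromised = set(indicators)
    for e in timeline:
        if e.src in compromised:
            compromised.add(e.dst)
    return compromised

def accounts_with_access(timeline, hosts):
    # Who had access to the compromised servers? Returns account -> sorted hosts.
    seen = {}
    for e in timeline:
        if e.user and e.dst in hosts:
            seen.setdefault(e.user, set()).add(e.dst)
    return {user: sorted(h) for user, h in seen.items()}

def investigate(indicators):
    # Merge every source into one list ordered by UTC timestamp, then answer the three questions.
    timeline = sorted(parse_firewall(FIREWALL_LOG) + parse_auth(AUTH_LOG) + parse_ids(IDS_LOG),
                      key=lambda e: e.ts)
    start = first_seen(timeline, indicators)
    internal = trace_lateral_movement(timeline, indicators) - set(indicators)
    return {"first_seen": start.ts.isoformat() if start else None,
            "compromised_hosts": sorted(internal),
            "accounts": accounts_with_access(timeline, internal)}

if __name__ == "__main__":
    print(investigate({"198.51.100.23"}))
```

On the sample data the earliest sighting is the IDS alert at 01:12:05 UTC, the attacker reaches web01 over SSH and then pivots from web01 to db01 with the same service account, and two accounts (svc_backup and alice) are found to have logged in to the affected hosts during the period, which is the list of people and credentials the investigation then has to follow up. In a real investigation the inputs are the exported logs rather than inline strings, and two details of the normalisation matter more than they look here: syslog lines carry no year, and sources in different time zones must be converted before they are merged, or the chronological walk that distinguishes lateral movement from earlier legitimate traffic gives wrong answers. This is also why step 1 insists on preserving logs rather than deleting them.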
- Put out the word to help contain the fallout
Clarity in communication is very important at this stage. After assessing the extent of the breach, everyone impacted should be informed. Make clear which team members are authorized to communicate about the breach, both internally and externally, so that statements are consistent.
Moreover, it may be necessary to meet with your legal counsel to hash out the best mode of communication to let customers know about the security breach.
It may be easier to manage the fallout if you already have cyber liability insurance. Inform your insurance carrier as soon as possible for guidance on what to do after a cyber attack. They may have additional information that can help you pull together after a cyber attack.
When you reach out to notify customers about a cyber attack, be upfront and transparent about the attack and the steps you are taking to mitigate it. Designate staff or a hotline to handle incoming queries from customers who might be affected and are anxious for updates. This goes a long way toward keeping you in your vendors' and customers' good books.
You should also inform the local cybercrime authority about the cyber attack.
Life after the cyberattack: future steps
- Once the damage control has been done, you must put in time, effort and resources to strengthen your systems and prevent future attacks from happening. A cybersecurity consultant can help you achieve that.
- Get cyber liability insurance if you haven’t already. Cyber liability coverage is available for firms of all sizes. It comes with a spectrum of services and coverage to help you mitigate the risk of cyber attacks on businesses, identity theft, and data losses.
- Extend your cybersecurity coverage to vendors, partners and other parties that will be part of a data exchange setup with your business
- Fine tune your crisis communication skills, prep your PR team, and have a plan in place to inform your stakeholders should any security breach occur.
- Employees, vendors, partners, and all parties linked with your business should be educated in basic cyber hygiene to form a barrier against future cyber attacks.
- Have a set of security checks and balances in place, scan for vulnerabilities, and take every digital precaution to prevent a future breach.
- If your work setup requires the use of remote desktop sharing applications, instruct your staff in these remote workplace safety tips.
Remote workplace safety tips to guard against cyberattacks
- Restrict attendance and access to conference calls, remote meetings, and virtual classrooms through the use of specific invites and passwords
- Be aware of what phishing emails look like, and never click on links or open attachments from unknown senders. If you happen to do so, immediately inform your IT team so that they can scan for whether any malware has been downloaded and deployed
- Never share links to online meetings, classrooms, or conferences on public platforms, including open social media profiles.
- Never share usernames and passwords, social security numbers, birth dates, security answers, financial information or any personal details when solicited over the phone or email.
- Restrict data access according to each employee's role.
- Have a data breach security protocol already in place, along with training programs for your staff on how to avoid a data breach, and what to do should they discover that one has occurred.
A cyberattack undoubtedly causes a lot of pain and stress; however, having a plan in place and taking the right steps after an attack puts you in a much better position to recover.