In the IT industry, there’s an answer to most security issues. However, when the unthinkable happens—such as when a hacker steals customers’ sensitive financial information—many businesses don’t know what to do or where to turn.
Below, business owners can learn six steps to take to help get through a corporate data breach.
Step 1: Take Immediate Action
The first step should be to resolve the issue and stop the data leak by determining which servers have been breached. Once they are identified, disk images of the breached servers can preserve their condition; these images should be kept read-only to protect the chain of custody in the event of legal action.
Finally, the business owner should implement a containment plan to ensure that compromised servers cannot affect other hardware or devices.
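An added example, not part of the original article: one way to make a disk image read-only and record its hash so that any later change to the evidence is detectable. The file name, case ID, examiner name and the `.custody.json` record format are assumptions, and the image content is a constructed stand-in for a real disk image.

```python
import hashlib, json, os, stat, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Hash the image in chunks so a multi-gigabyte image need not fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def seal_image(image_path, case_id, examiner):
    """Mark the image read-only, then write a custody record beside it."""
    # Drop write bits first (mode 0444) so nothing changes between hashing and sealing.
    os.chmod(image_path, stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH)
    record = {
        "case_id": case_id, "examiner": examiner,   # assumed record fields
        "image": os.path.basename(image_path),
        "size_bytes": os.path.getsize(image_path),
        "sha256": sha256_file(image_path),
        "sealed_utc": datetime.now(timezone.utc).isoformat(),
    }
    with open(image_path + ".custody.json", "w") as f:
        json.dump(record, f, indent=2)
    return record

def verify_image(image_path):
    """Return a list of problems; an empty list means the image matches its record."""
    with open(image_path + ".custody.json") as f:
        record = json.load(f)
    problems = []
    if os.stat(image_path).st_mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH):
        problems.append("image is writable")
    if sha256_file(image_path) != record["sha256"]:
        problems.append("sha256 differs from record")
    return problems

def demo():
    """Seal a constructed sample image, verify it, then alter it and verify again."""
    workdir = tempfile.mkdtemp()
    image = os.path.join(workdir, "server01.img")   # hypothetical file name
    with open(image, "wb") as f:
        f.write(b"\x00" * 4096 + b"constructed sample sector data")
    seal_image(image, case_id="CASE-EXAMPLE-001", examiner="J. Doe")
    clean = verify_image(image)
    os.chmod(image, 0o644)          # someone lifts the read-only flag
    with open(image, "ab") as f:    # and appends a byte to the evidence
        f.write(b"x")
    return clean, verify_image(image)
```

File permissions alone do not stop a privileged user, which is why the recorded hash is what demonstrates the image is unchanged; keep the custody record somewhere the image's handlers cannot edit it.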
Step 2: Assemble a Team
Most IT experts say that forming a task force is another critical step in handling a data breach. A business cannot report the breach to its legal department and to the authorities until it has a team to lead the effort and communicate about its progress.
It is important for the company to present a unified front after a breach, and the team should ensure that all relevant information is reported accurately.
Step 3: Test Security Fixes
Once problems have been solved and the team is on the counter-offensive, it is vital to ensure that the issue is fully resolved. This can require the security team to review server logs or run penetration tests, and it may require investigation of cloud infrastructure or other servers.
These tests are the only real way to ensure that security fixes are working as intended, and the penetration test will help businesses identify potentially unknown areas of weakness that can be exploited in the future.
Step 4: Contact Outsiders
When the situation is under control, the team should notify the company’s IT legal department, local authorities and the PR department. It is important for the team to communicate openly after problems are resolved.
In some areas, such as financial services and healthcare, there are legal requirements for reporting data breaches within a certain time. Laws vary widely, but some require disclosure within 24 hours.
Step 5: Resolve Related Issues
It may seem obvious, but the company must address the breach’s long-term effects by resolving other related issues. Security flaws that lead to breaches should be fixed immediately, but remediation is a process that may take much longer and involve other flaws.
Without a remediation process, other strikes could occur and the company could become an even bigger target.
Step 6: Tailor the Remediation Plan to the Company
A company should form a remediation plan that is tailored to the event. The company must begin an honest, realistic assessment of the data breach and its causes, and the remediation plan should include an evaluation of security issues along with employee monitoring and training programs.
After the remediation stage, the company must undertake continued analysis of its security infrastructure, along with additional penetration testing. However, the initial steps of repairing the breach and reporting it to the authorities are most important.