Juniper research predicts that with the rapid digitalization of consumers’ lives and enterprise records the cost of data breaches will increase to $2.1 trillion globally by 2019.
Most organizations will face a data breach at some point with a strong possibility that they’ll be costly to the business. To mitigate your potential costs and damages, it’s important to know the steps your organization should take if a breach occurs.
Isolate Your Network
To stop the attack from spreading within your network, take your network offline and if possible, isolate the affected servers. Change your credentials for your critical accounts and servers. If you’re IT team isn’t specialized in security and forensics you may want to hire a specialist to assist in the investigation, assessment and next steps.
Assess Your Losses
What information has been compromised? Is this information retrievable? Does your organization have an uncompromised backup that you will be able to access to restore your systems? Assessing your losses is a key step as it establishes the impact on your organization and helps to determine next steps in the restoration process.
Investigate- How did the breach occur?
Finding out how the breach occurred is an important step. According to the 2015 Databarracks Data Health Check survey, the number one cause of data loss is human error. EY’s Global Information Security Survey 2015 found 44% of executives consider employees the greatest cyber security vulnerability in their organization. Opening a phishing email, downloading a corrupt file or plugging a corrupted usb into the network are common human errors that lead to successful attacks. These however, aren’t the only ways a breach can occur; your IT team may be behind on critical patching or your organization may be running old software. In preventing future successful attacks your organization must understand how previous attacks were successful, this will help plan for future.
Learn and Prepare to Do Better
Once you’ve learned how the breach occurred you can leverage this information to improve your systems and establish a more secure network. If your breach was due to human error, take steps to reduce the likelihood of these incidents in future, such as: employee training, automating processes to reduce the number of opportunities for human error and introduce new software to protect the network in case an error is made. Your organization may have to evaluate the current technologies in place and invest in more up-to-date software to ensure you’re receiving the best protection.
Hiring a service provider to manage your security is a great option for many organizations. It places your security in the hands of an expert, ensures you’re using the best technologies, are up to date with patching and updates and ensures someone is monitoring your network 24/7 for issues.
When learning from past breaches, think about the underlying cause of the breach. Do you have a big enough IT budget? Does your organization have 500 employees but only have 1 IT staff member? Think realistically, are you allocating enough resources to properly protect your organization? Should you hire a managed service provider to assist your internal IT team or possibly increase your IT spend?
As you learn more and improve your processes, remember to update your Data Breach Incidence Response Plan to ensure your team is following the most up to date version.
Work with Law Enforcement Agencies in Your Region
Depending on the laws governing your country and the type of data your organization has, you may be required to report the data breach to your local authority (Homeland Security (USA), Interpol Cybercrime Division (Europe), etc.). These agencies may be able to provide more information on the attack and help you retrieve your data. A good relationship with your local law enforcement agency may prove beneficial to your organization.
Speak to Your Legal Team
Your corporate data isn’t just your own. It also contains personal information of your clients and other parties. If this data is leaked, your clients will be expecting an explanation, assessing their damages and possibly getting ready to sue your organization. To ensure your company is ready for any situation, inform your legal team of the breach as soon as possible and pass along all information pertaining to the situation. For your legal team to respond proactively and effectively they need to be fully aware of all details.