What to Do After a Security Breach

What to Do After a Security Breach

It’s 2017, and we’re used to technology progressing at the speed of light. When we get used to one system, the next one comes along. Along with this reality, we’ve all experienced either a computer virus, a crashed system, or compromised security.

While there are steps we can take to prevent those events from happening, nothing is 100% foolproof; so in addition to protecting ourselves, we have to know how to mitigate damages after a security breach.

So what’s a freaked out person to do?

Analyze the Breach

Some breaches are insignificant. There are some tools that will alert you to alleged breaches when what happened may just be a new employee opening a report or file for the first time. If this is the case, stop the “attack,” review what may have been breached just in case, and move on.

In the worst of instances, the alerts could signify a full-on attack on your hardware, causing it to spin or send emails to bombard the Input/Output or your own environment. This could mean that there’s an infected file in one of your host environments. If this is the case, lock down that environment, and remind users of proper protocol and procedures when saving a file to your community’s network. Make sure everyone has the proper virus protection and implement proper user security protocols. All of these attacks and solution handling should be in your Disaster Recovery (DR) plan.

Review Your Data Recovery Plan

The first part of an adequate data recovery plan for a major breach is to stop using the current environment and start up your mirrored devices. That way, your company can still run while you attack the situation. Then follow these steps:

Step 1. Review which parts of your DR Plan need to be implemented.
Step 2. In some cases, it may be just updating a zero-day software bug fix. Report to a vendor and do your best to isolate the problem.
Step 3. Report the breach and expected impact it will have on the business.
Step 4. Report which processes in your DR plan need to be addressed.
Step 5. Assume the worst while planning and implementing.
Step 6. Take a step back and review whether the plan has covered everything that was infected or lost.
Step 7. Run your audit checks, including running database integrity checks to make sure your data has not been corrupted.
Step 8. How did it happen?
Step 9. Was this an inside or outside attack?
Step 10. Review what the audit checks reveal to you.
Step 11. Fix the holes.
Step 12. Report the loss of data or the impact on any client, user, or person who had their personal information compromised.
Step 13. Communicate with the agencies, customers, and business partners that you need to report the breach to.

Moving Forward

Once you’ve done damage control and patched the vulnerabilities, review your DR plan to see if it was effective in counteracting the breach. Update any shortcomings you faced, and share with your community any new policies that you need to implement.

Take a deep breath and be ready for tomorrow. If you have a DR plan, if you have properly updated all of your systems, software, firewall, hardware, and applications for known holes; and you have a high availability solution ready to start up. Pat yourself on the back. You have done everything you can to raise your environment and handle the hiccups of ownership. And if you’re not so sure you’re adequately protected for the next time, contact us at Soaring Eagle Consulting for some peace of mind.

Comments