Businesses across the world are increasingly becoming aware of the threat of data breaches and the damage they can cause. According to the 2017 Ponemon Cost of Data Breach Study sponsored by IBM®, the international cost of data leaks in 2017 has gone down by 10% as compared to the statistics gathered in 2016. However, despite the lowered cost of leaks, the number of security breaches has risen by 1.8%.
Companies are Acting to Fortify Defenses
[Graph not reproduced. Source: Security Intelligence]
As the above graph indicates, companies are no doubt taking steps to strengthen their security systems and educate workers. But one of the most important preparations they need to make is to institute a detailed protocol that springs into action the minute a breach becomes apparent. By responding swiftly and working to contain the breach and its fallout, companies can further lower the costs of the leak and the number of records affected. Read ahead for an understanding of the initial critical steps as outlined by the IBM X-Force® Incident Response and Intelligence Services (IRIS).
Have a Team of Incident Response Personnel on Standby
To prepare for the possibility of a data breach, you might want to hire the services of an expert IT security team. These professionals will help you institute Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). As soon as you realize that a security breach has occurred, you’ll need to respond to it by informing the incident response team. The sooner you take steps to identify the source of the leak and contain it, the better your chances of minimizing the damage. The forensics team will also take action to determine the extent of the damage and the amount of Personally Identifiable Information (PII) that is affected. All further steps to be taken will center around this research.
Provide All the Assistance Needed by the Investigation Team
Prepare all the logs and other tools the team may need to work quickly. Ask your employees to check the equipment they’ve been using and to be ready with their responses to the investigations the team will be conducting. For instance, did any employee lose a refurbished device assigned to him or her by the company, such as a laptop, Mac, PC, smartphone, tablet, or any other equipment? Has anyone noticed a missing USB drive? Did an employee accidentally download an attachment that contained malware?
Install a Program to Reset Passwords Automatically
Have a fail-safe program that will reset all passwords on company devices at the touch of a button. In this way, you can secure all business accounts and release new passwords only to employees who have cleared the investigation procedures conducted by the IT forensic team. Restricting the release of domain administrator credentials to only reliable personnel is another protective measure. Be aware that Windows saves credentials by default so that users can log on to the device when the domain controller is unavailable. Attackers who break into servers or PCs can steal these saved credentials.
Institute Codes and Train Employees on Responses
Smart company owners prepare for data breaches by training employees beforehand on how to act in case of a security leak. For instance, they may announce a Code Red, so employees know that the company has a grave breach problem and they need to be careful about the information they share with people outside the enterprise. These codes will also prevent chaos and confusion when the company systems begin to shut down suddenly.
Test Security Systems for Weaknesses
Having once breached the security defenses of your business’s IT system, hackers are likely to continue to harvest data until found or traced. The IT forensics experts are likely to conduct detailed testing of your digital servers, devices, and other equipment to identify continued penetration. Accordingly, they will take steps to plug further data breaches and eliminate vulnerabilities.
Inform the Concerned Authorities and Legal Team
The law mandates that you notify federal authorities right away that a data breach has occurred in your company. These bodies will instruct you on the actions you must take under the regulations applicable in the industry where you work. You may also want to inform your legal representatives so they can prepare the necessary defenses in case your company becomes liable to the people whose information is in jeopardy.
Notify Affected Entities
Your business probably collects information from customers, employees, vendors and business partners to conduct regular operations. Another critical step you must take in response to a data breach is to inform all the affected entities. By receiving alerts in time, customers and other entities can act to protect their identities, cancel credit cards, change bank account numbers, and inform Social Security agencies. Set up a response center where customers and any other people dealing with your business can contact you for any additional information they need. Offer all details honestly, with advice on the protective measures they can take.
Data breaches are a major risk that companies across the world increasingly have to deal with. But the right critical steps, taken the instant a company detects an intrusion, can help reduce the fallout and the possible losses it is likely to incur.
This post is part of our contributor series. It is written and published independently of TNW.