Our increasing use of digital has already made businesses a prime target for cyber criminals to gain access to sensitive and valuable data. However, online activity skyrocketed over the past year as more businesses shifted rapidly to working remotely¹, with access to critical business infrastructure and processes through countless devices and locations. Hackers, or hostile cyber actors, took notice of this trend.
In fact, VMWare’s 2021 Global Threat Insights Report revealed that 76% of global cybersecurity professionals said attacks increased due to employees working remotely during the pandemic.
While prevention will always be the first course of action – if you’re in the unfortunate position of suffering a data breach – how should you respond?
Here are five critical steps to take in the event of a data breach:
If your business experiences a data breach, identifying its source is a good starting point. Figuring this out is a lot easier if you integrate an intrusion detection system that automatically logs when and where a security event happens within your system.
By tracking down where the initial breach occurred, you can find out what data, such as payment details or identity information, the attacker accessed and estimate the size of the breach much more easily.
After identifying the source of the breach, make containing it and preventing more data from being accessed or stolen your next step. In many cases, hacked servers can be the entry point for attackers, so isolating these from other components within your IT system is imperative. So how can you do this?
Firstly, cut off your internet connection by simply disconnecting your Wi-Fi router from its power supply. Secondly, ensure your firewall or other cybersecurity measures are maintained to help prevent any attacker from gaining further access to your data. Thirdly, install any pending security updates to help eliminate potential vulnerabilities in your cybersecurity system.
Lastly, change all passwords relating to the breach with new, stronger passwords. The key here is to refrain from using old or rehashed passwords from different parts of your business.
Once you’ve contained the breach and established a short-term fix, thoroughly test this security measure to ensure that the attacker cannot access your data using the same method they used to carry out the initial attack.
One method of testing cybersecurity measures is penetration testing, which involves running simulated attacks on your own system to expose any potential weaknesses. This service can be run by your IT team internally or supplied by an external network security specialist.
Having prevented any further breaches from occurring, the next step in the process is to inform relevant parties.
It’s essential to inform customers and there are key pieces of information that you need to share with those effected by a breach. These include a description of the breach and its likely consequences; the measures you’ve taken to manage the breach; a key point of contact in your company; and recommended actions consumers can take to protect their data.
Informing customers without any delay is key to ensuring that they have time to react appropriately. Try to apply the same process to any third parties potentially affected by the breach too, such as partners, suppliers and if applicable, your local cybersecurity authority.
While it may seem an obvious point, data breaches can have long-lasting effects on a business, including damage to a company’s reputation and a loss of customer trust.
Maintain an open dialogue with customers about how your business is managing the current breach and mitigating the likelihood of further attacks. To support this, consider creating a communication plan that regularly informs customers with the steps your business is taking.
Ultimately, it is possible to bounce back from a data breach and rebuild trust. With an efficient response plan in place, you can show your customers that you’re effectively handling the situation and have their best interests front of mind.