Once a breach has been discovered, the victims may feel at a loss and not know what to do next. But with prompt, decisive action, companies can mitigate damage and bolster their network against future attacks.
Examine the breach – It is important that the IT department understands the details of a breach in order to learn how to clean up and protect the network moving forward. There are ways for companies to do this in-house, or businesses can hire digital forensics firms to perform the investigation. Either way, companies need to find the door that was used to get into the network and discover what information was put at risk.
Report to authorities, depending on losses – If the security breach was more than just an average malware infection and sensitive data was stolen, it should be reported to the authorities, who can help strengthen the investigation and take action if the perpetrator is found. Keep in mind that some authorities have a threshold for the size of breach they are willing to look into. Nonetheless, if your compromise is significant you should still report it.
Patch the discovered holes – When the breach is investigated, generally IT staff is able to identify where the hackers got in. The next critical step is to ensure that door is shut (and locked) as quickly as possible. Other weaknesses in security defenses may be uncovered during this process, and those should be addressed with the same rigor to prevent entry from other points in the network.
Recover from backups – You are backing up, aren’t you? If systems are infected, a business will need to restore its systems from backup in order to reduce the amount of information lost in the breach. Remember, performing regular, comprehensive system backups for business continuity and disaster recovery is a no-brainer for a smart information security strategy.
Change all passwords – Depending on which systems or networks the attackers accessed, they may have stolen credentials that could be used for further access to the system, or to employees' personal accounts such as email or social networking sites. Always compel everyone who accesses the compromised network to reset all passwords after a breach.
Communicate the breach – The proper internal parties need to be informed of the breach. And, depending on the scale and the type of information at risk, you may be required by law to inform your customers of the breach if customer data was stolen.
Run an audit – Run a full network security audit to identify any other problems that may have arisen as a result of the breach, or that existed before it. Companies can use automated auditing tools to complete this step, or they can hire a professional third-party penetration tester to perform this part of the investigation as well.
Update software patches – As simple as it sounds, software patching is the best defense against a wide range of attacks. Check and update the patch level of your organization’s devices and software, including third-party tools like QuickTime, Java and Adobe Reader or Flash.
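Two of the steps above, the password reset and the patch-level check, can be verified mechanically once the IT department has an inventory to check against. The script below is an added example written for this article, not code from the original, and all of its data (the breach detection time, the account list, the minimum "patched" version numbers and the per-host inventory) is constructed sample input; the version thresholds are hypothetical, not vendor advisories.

```python
"""Post-breach verification checks (added example; all data is constructed).

Check 1: every account must have changed its password AFTER the breach was
         detected, otherwise the attacker may still hold a valid credential.
Check 2: every host must be at or above the minimum patched version of the
         third-party tools in the baseline.
"""
from datetime import datetime, timezone
import re

# Constructed: when the breach was detected. Resets before this do not count.
BREACH_DETECTED = datetime(2024, 3, 10, 14, 0, tzinfo=timezone.utc)

# Constructed: last password change per account (ISO 8601, UTC).
ACCOUNTS = {
    "alice": "2024-03-11T09:15:00Z",        # reset after detection: fine
    "bob": "2024-02-28T08:00:00Z",          # never reset after the breach
    "svc-backup": "2024-03-10T13:59:00Z",   # reset one minute too early
}

# Constructed, hypothetical: minimum versions the organisation treats as patched.
MIN_VERSIONS = {
    "java": "8.0.401",
    "adobe-reader": "23.8.20470",
    "quicktime": "7.7.9",
}

# Constructed: installed versions reported by each host.
HOSTS = {
    "ws-01": {"java": "8.0.401", "adobe-reader": "23.6.20320"},
    "ws-02": {"java": "8.0.392", "quicktime": "7.7.9"},
    "srv-01": {"java": "11.0.22", "adobe-reader": "23.8.20470"},
}


def parse_version(version):
    """Turn '23.8.20470' into (23, 8, 20470) so versions compare numerically.

    Comparing the raw strings would rank '9.0' above '10.0'; tuples of ints
    compare component by component, which is what patch-level checks need.
    """
    return tuple(int(part) for part in re.findall(r"\d+", version))


def stale_passwords(accounts, detected):
    """Return the accounts whose last password change is not after detection."""
    stale = []
    for user, timestamp in accounts.items():
        # Accept the 'Z' suffix on older Python versions as well.
        changed = datetime.fromisoformat(timestamp.replace("Z", "+00:00"))
        if changed <= detected:
            stale.append(user)
    return sorted(stale)


def unpatched_software(hosts, minimums):
    """Return (host, product, installed, required) for every product below baseline."""
    findings = []
    for host, installed in hosts.items():
        for product, version in installed.items():
            required = minimums.get(product)
            if required is None:
                continue  # product not in the baseline; nothing to compare against
            if parse_version(version) < parse_version(required):
                findings.append((host, product, version, required))
    return sorted(findings)


if __name__ == "__main__":
    for user in stale_passwords(ACCOUNTS, BREACH_DETECTED):
        print(f"password NOT reset since detection: {user}")
    for host, product, have, need in unpatched_software(HOSTS, MIN_VERSIONS):
        print(f"{host}: {product} {have} is below required {need}")
```

The password check deliberately uses the detection time rather than the time of the reset campaign: a reset performed before the attacker's foothold was closed (the "patch the discovered holes" step) may need to be repeated, so run the check again once the door is shut. Feed the functions real data exported from your directory service and patch-management tooling in place of the constructed dictionaries.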