My Network Has Been Compromised… Now What?
Imagine that you have just received that dreaded notification. As you were wrapping up your workday, a small window popped up on your computer screen and notified you that your network had been infiltrated. Now what?
Unfortunately, data incidents are becoming an increasingly common occurrence. According to FBI statistics, 2020 saw complaints of internet crime rise by nearly 40%.
Not all of these reports involved businesses, but it is important to note that many of them did. To make matters worse, the total losses exceeded $4.2 billion.
Whether you have actually been the victim of a cyberattack or just want to make sure you are prepared for a worst-case scenario, this article is for you.
Below, we’ll discuss what you should do in the event of a data incident. We will also provide you with a few tips to keep your data safe and out of the hands of hackers.
Damage Control: 6 Things to Do After a Data Incident
Based on the figures above, it is clear that cyberattacks pose a genuine threat to your company. Ideally, you’ll want to prevent data incidents through proactive security efforts — but more on that in a moment.
With that said, it is still important to know what steps to take if you experience an incident. If your network is compromised, we recommend that you:
1. Determine the Extent and Source of Your Data Incident
Immediately after you become aware of a data incident, you need to determine the extent of the situation. Once you have identified both the source and extent of the incident, you can begin proactive damage control to minimize your company’s losses.
The best way to accomplish this task is to have intrusion detection and prevention systems (IDS or IPS) installed. Using an IDS log, you can rapidly determine where the incident originated and which files hackers gained access to.
Other technologies that help ward off attacks are Endpoint Protection and Data Loss Protection (DLP). Endpoint Protection (also called Endpoint Security) secures endpoints against attacks and data leaks. DLP technology provides a mechanism that helps protect against data loss.
If you do not have IDS, DLP, or Endpoint Protection installed, your IT staff or managed service provider is going to have their work cut out for them. They will have to manually locate the source of the data incident.
In the meantime, the bad actors that perpetrated the incident may be profiting off of your stolen data.
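To make the IDS log review described above concrete, here is an added example (not part of the original article, and not Bird Rock Systems' tooling) that summarizes which sources triggered alerts, when they were first seen, which hosts they touched, and which files moved on their connections. It assumes the IDS is Suricata writing EVE JSON, which the article does not specify, and runs on constructed sample events.

```python
import json
from collections import defaultdict

# Constructed sample in Suricata EVE JSON layout, one event per line.
# Addresses are documentation ranges; this is not real incident data.
SAMPLE_EVE = """\
{"timestamp":"2021-03-02T17:41:09.120+0000","event_type":"alert","src_ip":"203.0.113.45","dest_ip":"10.0.5.20","alert":{"signature":"Constructed: repeated SMB login failures","severity":2}}
{"timestamp":"2021-03-02T17:39:02.000+0000","event_type":"alert","src_ip":"203.0.113.45","dest_ip":"10.0.5.21","alert":{"signature":"Constructed: port scan","severity":3}}
{"timestamp":"2021-03-02T17:48:30.500+0000","event_type":"fileinfo","src_ip":"10.0.5.20","dest_ip":"203.0.113.45","fileinfo":{"filename":"/finance/payroll_2021.xlsx"}}
{"timestamp":"2021-03-02T17:49:10.000+0000","event_type":"fileinfo","src_ip":"10.0.5.30","dest_ip":"198.51.100.7","fileinfo":{"filename":"/public/brochure.pdf"}}
{"timestamp":"2021-03-02T17:50
"""

def summarize(eve_text):
    """Map each alerting source IP to first-seen time, hosts, signatures, files."""
    events = []
    for line in eve_text.splitlines():
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # logs copied mid-incident are often truncated; skip bad lines
    sources = defaultdict(lambda: {"first_seen": None, "hosts": set(),
                                   "signatures": set(), "files": set()})
    for ev in events:
        if ev.get("event_type") != "alert":
            continue
        entry = sources[ev["src_ip"]]
        ts = ev["timestamp"]  # same format and offset, so string order is time order
        if entry["first_seen"] is None or ts < entry["first_seen"]:
            entry["first_seen"] = ts
        entry["hosts"].add(ev["dest_ip"])
        entry["signatures"].add(ev["alert"]["signature"])
    # Extent: files seen on flows where either side is an alerting source.
    for ev in events:
        if ev.get("event_type") == "fileinfo":
            for ip in (ev.get("src_ip"), ev.get("dest_ip")):
                if ip in sources:
                    sources[ip]["files"].add(ev["fileinfo"]["filename"])
    return dict(sources)

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_EVE).items():
        print(ip, s["first_seen"], sorted(s["hosts"]), sorted(s["files"]))
```

Suricata only writes `fileinfo` events when file logging is enabled in its EVE output configuration, so an empty file list here does not by itself mean no files were accessed.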
2. Alert Your IT Security Team Immediately
If you have an in-house IT team, they should be notified of any data incident immediately. The sooner they are notified, the faster they can take action.
If one of your staff members’ accounts was compromised, you will also need to revoke the privileges assigned to that profile.
Unfortunately, many small and medium-sized businesses do not have robust IT teams. If this is the case for your company, then you will need to reach out to a service provider that specializes in data incidents, like Bird Rock Systems. Our team has the resources necessary to deal with the incident and assist you with how to respond.
3. Implement and Test the Temporary Fix
Your IT team or the provider that you reach out to will need to implement a temporary security fix. This fix is designed to prevent hackers from gaining continued access to your files.
A fix will often include adjustments to firewalls and endpoint protection solutions. It may also include upgrading or patching software as needed.
Once the fix is implemented, it needs to be actively tested. The goal of the test is to ensure that the fix closed the gap in your current cybersecurity measures.
Your company’s other servers should also be tested to identify any other potential vulnerabilities, which helps prevent another data incident.
4. Create Local Backups and Change Passwords
If you have backup files stored on physical servers or in the cloud, you need to download this data and create local backups. The faster you can do this, the better your chance of preventing data from being deleted, corrupted, or held ransom.
You and your staff members should change all passwords immediately. You should assume that the hacker gained access to employee login information, which could allow them to steal even more data. This is especially important for service accounts.
Taking prompt action and updating passwords can protect your accounts and those of your employees. This can mitigate the damage caused by the data incident.
5. Alert the Authorities, Your Cyber Insurance Company, and Your Customers
Maybe you don’t need to tell everyone about your data incident. However, you do need to notify local authorities. You may also want to contact federal law enforcement, such as the FBI. They can provide you with guidance about federal post-incident regulations as they relate to your industry.
In addition to the authorities, you have to notify your cyber insurance company.
Next, notify your customers. Your notification should be made as quickly as possible so that they can take steps to protect their assets. The notification should also include some general information about the data incident, such as the extent of it and what was taken.
Be thorough and make sure that you notify all affected clients. Use multiple channels of communication, including phone calls and emails. Failing to notify consumers may result in hefty fines for your business.
6. Start Cleaning Up the Mess
Here is where things get tricky. Even after your team has resolved the data incident, you might be left with quite a mess to clean up. Your business may have experienced profit losses during the incident due to an inability to conduct normal operations.
These losses can be compounded because data incidents damage consumer confidence, which means that you may lose previously loyal customers. In order to rebuild your brand image, you might have to hire a digital marketing firm.
If you do not have an in-house IT team, you will also have to pay a third-party firm to neutralize the incident and secure your network.
Can You Stop Incidents Before They Happen?
As you can see, there are no easy answers when it comes to dealing with a data incident. Cybersecurity incidents are messy and costly. According to Forbes, a single data incident can cost your business millions of dollars. With so much at stake, you are probably wondering whether there is a way to stop data incidents before they happen.
While no organization can completely eliminate the possibility of a data incident, especially due to the potential for employee error, Bird Rock Systems can drastically improve your cybersecurity protocols.
We can help with:
- Creating or updating an incident response plan
- Performing tabletop exercises
- Providing security assessments and remediation
- Performing health checks for security solutions
- Ransomware readiness assessment
At Bird Rock Systems, we offer comprehensive solutions to strengthen your organization’s cybersecurity. Our experts can assess, build, and manage your enterprise information security so that you can proactively prevent data incidents.
Contact us today to learn more about our services, including security assessments and incident response solutions.