Here are some steps to take to stop information from being stolen, prevent further damage and restore operations as quickly as possible.
Check out the infographic 5 Steps to Manage a Data Breach.
No one wants to deal with a data breach, but unfortunately with the rise of malware and hackers, a data breach is more likely to hit your business than you may think.
If you suspect a data breach in your business, your goal is clear: stop information from being stolen and repair the damage so it won’t happen again.
See also: What To Do When You Get Hacked, Step-By-Step
You should already have one in place, which lays out what your company, employees, and third parties should do in the event of a data breach.
Make sure your employees know about the plan and are trained on what to do. Often, the ones that do the most damage in a data breach are employees who panicked and made mistakes. Having an incident response plan will help reduce confusion and panic in a data breach.
See also: 5 Things Your Incident Response Plan Needs
In a breach, your first impulse may be to delete everything. Don’t do it! You’ll need to make sure any evidence of the breach is preserved. This can help you find out what happened and who was responsible.
Make sure to document everything that’s happening, since it will make things easier for upcoming forensic investigations.
While you shouldn’t delete your infected systems, you do need to contain them. You need to isolate the affected areas so the rest of your business isn’t affected. Some things you can do are:
Get advice from your legal counsel to figure out the best way to notify the public and your customers of the breach. It’s also important to know the legislated mandatory time frames; you don’t want to get a fine on top of everything just because you didn’t tell the public on time.
It’s best the public finds out about the data breach from you. If you delay telling them, it will seem like you have something to hide. Decide when to let your customers know, and remember that sooner is better than later. Don’t let employees announce the breach.
See also: White Paper: How to Effectively Manage a Data Breach
You’ll need to find out how you were breached in order to prevent it from happening again. A forensic investigation commissioned by a third party provides insight into the problem. Getting forensic services is often required by your acquiring bank and they are helpful in not only discovering the source of breach but also in helping you understand how to prevent the same thing from happening again. Be prepared because this may take time.
Once you’ve found and secured the source of the breach you’ll be able bring all affected systems back online. Make sure they are secure against future attacks by reaching full compliance with the PCI DSS.
Need a forensic investigation? Talk to us!
Some other things to think about in preparing for a data breach are:
Dealing with a data breach can be a difficult experience, but if you take the right steps, you can minimize the damage done to your business. Being prepared can save you in the long run.
Want to know more on handling a data breach? Check out our infographic 5 Steps to Manage a Data Breach.
.svg)
