This article has been submitted by Data Recovery Specialists
Cyber-crime is on the rise, threatening the online security of your information and any client data. The new GDPR regulations enforce a strict ‘code of practice’, but how you act as a business after a cyber-attack is just as important. Failure to contain any threat may be as negligent as not enforcing adequate security principles in the first place. So, what do you do once struck by a data breach?
Establish the extent of the problem.
Most importantly, you must establish the extent of the problem before containing and isolating the threat. Often a data security breach will go unnoticed for a long time, exacerbating the problem. Before you can make an effective plan, the facts must be established as follows:
- How long has the threat been active?
- What information has been breached?
- Who does it affect?
- What type of virus, trojan or malware is involved?
Contain the attack and isolate your data.
Your business may have the necessary technical expertise to contain the attack. If not, it may be well worth engaging a security specialist. If the breach affects your clients, notify them immediately. Many companies have been criticised for waiting to inform customers of security breaches. Not only are you likely to lose customers, but you may also face legal action for failure to notify those affected.
A cyber-attack on the Velindre NHS Trust and the Betsi Cadwaladr University Health Board in Wales last year was quickly contained. Over five hundred affected staff were notified immediately. Their quick action mitigated the problem and no further action resulted.
What to do immediately following a security breach?
Separate any sensitive data from the network. If you have reliable backups that are unaffected, restore these. If you don’t have any reliable backups and your data is corrupted you may need to consider a data recovery specialist.
Reset all passwords and impose stricter login controls. You may even consider two-factor authentication, where there are two different methods of identity confirmation for the user.
Reinstall software and applications. You are unlikely to find the source file of the attack. Malware authors are experts at cloaking their files. It is better to securely erase all operating systems, software and applications before reinstalling them.
Disconnect the host. This will stop the malware from spreading and contain the issue.
Apply security patches. If you don’t have the latest versions of software, now is the time to get these. Anti-virus and anti-malware scans should also be completed on restored systems.
Prevention is better than cure.
Once you’ve had a security breach, cyber-attackers know you are vulnerable. We have found that over two thirds of data breaches in Wales last year were caused by negligent employees. Unless you act quickly and are prepared, it is highly likely you’ll be targeted again or suffer from further negligence.
Now is the time to look at your disaster recovery plan and your information security. Cyber-security experts and ethical hackers can help you prepare for any future attack. Tell your staff and clients how you have now prepared, and they will appreciate this.