2014 was one of the worst years in history regarding the volume and financial damage caused by data breaches. The Identity Theft Resource Center estimates there was an increase of nearly 28% compared to the previous year.
Home Depot, government contractor USIS, JPMorgan Chase, Connecticut Public Utilities, dozens of hospitals, Apple’s iCloud, USPS, Sony Entertainment… the list goes on.
No industry was safe last year.
Anthem’s breach has already taken over headlines for 2015.
The dark cloud of data breaches continues to hover over 2015 as the same hacker gang that hit Target and Home Depot has hit yet another large business: a parking reservation service.
Technology weaknesses such as multiple Adobe Flash vulnerabilities, Linux computer operating system vulnerabilities and Wi-Fi router vulnerabilities are being uncovered and taken advantage of by hackers faster than vendors and manufacturers can keep up – and the year has only just begun.
With all this in mind, more and more business leaders are coming to the realization that it’s no longer a matter of if, so much as when, a data breach will happen. In order to help, we’ve prepared a high-level list of steps to take when the inevitable occurs.
1) Do not power down affected systems and devices.
It’s OK to disconnect them from the internet and internal networks, but if they’re powered down, critical forensic data held in memory will be permanently lost.
2) Assess and Contain
Identify what’s going on in order to answer the Who, What, When, Where and How questions. Once you know what you’re dealing with, contain the situation, begin identifying what data was breached and what the impact to the business will be, determine follow-on actions and establish timelines. Be sure to maintain documentation of this effort.
3) Legal Assistance
It’s time to bring in your lawyer in order to ensure you’re covering all the legal bases. The documentation you prepared/are preparing in step two is going to be critical here. You also need your lawyer to provide guidance on notifications, both internally and to your customers and clients. If you have cyber insurance, you will likely need assistance from your lawyer to prepare your claim(s).
4) Forensic Archive
Collect and safeguard information from compromised systems and devices. Evidence media and printouts need to be created and securely stored with chain of custody documentation.
5) Communication and Notifications
Notification laws vary by state, so again, you’ll need to work with your lawyer and have a person (or team) focused on communicating with customers and clients. Once notifications have gone out, expect that word will eventually get to the press. You and your lawyer will need to be ready to deal with them as well.
6) Law Enforcement
You may need to interact with law enforcement (such as the FBI) regarding the breach and the data that was compromised in order to catch the cyber perpetrators. If you followed the previous steps, you and your lawyer will be ready to provide them with the information they’ll need in an investigation.
7) Clean Up and Recovery
At this point, you will be ready to eradicate, clean up, and recover or replace compromised systems, devices and data (as feasible). Ensure that this process is thoroughly documented and chain of custody information is kept up to date.
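One way to keep the chain of custody documentation from steps 4 and 7 verifiable, shown as an added example that is not part of the original article: each custody event records the evidence file's SHA-256 and the hash of the previous log entry, so a later change to either the evidence or the log is detectable. The file name, handler names and log fields are assumptions made for illustration.

```python
import hashlib, json, os, tempfile
from datetime import datetime, timezone

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def entry_hash(entry):
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def record(log, path, action, handler):
    """Append one custody event; each entry commits to the previous one."""
    entry = {"time_utc": datetime.now(timezone.utc).isoformat(),
             "item": os.path.basename(path), "sha256": sha256_file(path),
             "action": action, "handler": handler,
             "prev": log[-1]["entry_hash"] if log else "0" * 64}
    entry["entry_hash"] = entry_hash(entry)
    log.append(entry)

def verify(log, evidence_dir):
    """Return problems found: edited log entries or evidence that changed."""
    problems, prev = [], "0" * 64
    for i, e in enumerate(log):
        if e["prev"] != prev or entry_hash(e) != e["entry_hash"]:
            problems.append(f"entry {i}: custody log altered")
        if sha256_file(os.path.join(evidence_dir, e["item"])) != e["sha256"]:
            problems.append(f"entry {i}: {e['item']} differs from recorded hash")
        prev = e["entry_hash"]
    return problems

def demo():
    # Constructed sample: a stand-in file plays the role of a memory image.
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "host01-memory.raw")
        with open(img, "wb") as f:
            f.write(b"constructed sample evidence")
        log = []
        record(log, img, "collected", "analyst A")
        record(log, img, "moved to evidence storage", "analyst B")
        clean = verify(log, d)
        with open(img, "ab") as f:
            f.write(b"!")
        changed = verify(log, d)
        log[0]["handler"] = "someone else"
        return clean, changed, verify(log, d)
```

Calling `demo()` returns three problem lists: none for the untouched evidence, two after the evidence file is modified, and three once a log entry is also edited.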
The best steps you can take, though, come before a data breach ever occurs, and include making sure you are prepared and protected. Contact Sera-Brynn today to learn more about penetration testing to see how safe you actually are today, before a breach occurs.