What to Do When a Data Breach Strikes

With data breaches occurring more often and wreaking more havoc than ever before, every organisation must have a set protocol for what needs to happen when a security breach occurs. Here’s what to include in your incident response protocol, from our cybersecurity team.

#1 – 24/7 Support

Start by making sure that your managed IT services provider or IT department is set up to respond to a breach whenever it occurs – whether it’s the middle of the night, during a workday, or on a holiday. Network monitoring should be 24 hours a day, 7 days a week with no breaks, and should be carried out by people who can recognise an attack and follow the protocol to limit the damage.

#2 – Identification

The next step is to identify the attack by looking at the status of the incident, the time and day when it was first detected, how it was detected and what the attack looked like, and the resources that have been affected by the attack. Knowing what type of attack has occurred and where it started is critical to your defensive strategy.

#3 – Chain of Command

Every person in your organisation is susceptible to an attack if they are on your network. As a result, everyone should know exactly who to contact if a breach occurs. Additionally, there should be a full chain of command for escalating the issue. This escalation process should be limited by the danger the attack presents and where the attack has occurred, with more sensitive attacks being escalated on a higher alert (for example, system or data attacks, DDoS attacks, or ransomware attacks) than lower priority attacks (for example, attacks that only compromise a single machine, or where confidential information has not been impacted).

#4 – Limiting Damage 

With the right people being notified and able to act, the next stage is to limit the damage the attack could cause. This may mean isolating a network device, diverting traffic from a backup server, or scaling up services to handle compromised traffic without allowing your website to fail. Once immediate measures have been taken, longer-term measures will have to be carried out as needed, which may include restoring data from a backup, patching a system/software, and eliminating any malicious software in the process.

#5 – Prevention of Future Attacks

Preventative measures should be routinely evaluated and improved where possible, and these should be expanded on where needed to address the source of any successful attack. It is also recommended that you perform dark web sweeps to audit for lost or compromised data that may negatively affect your business, clients, or suppliers if found and accessed by the wrong people.

Need assistance in developing or running your business cybersecurity strategy? We can help. At Otto, we’re here to protect your organisation and your people against ransomware, IT scams, and other IT security risks. We’ll help you educate your team, ensure you have the best IT protection for your business and be ready to act if your data or people are compromised. Whether you have remote teams, need a backup solution, or aren’t sure what provider is best for your business, we can help you out. Just think of us as your IT department.