Cyber attacks happen every minute. You never know where criminals may strike. They can target your network, system resources, online accounts, or any other assets. In the process, they can do severe damage. The average cost of a cyber-attack now exceeds $1 million—something no business can afford in this economy.
Incidence response is how you handle data breaches, online threats, and other security incidents. The right plan not only helps to repair the damage but also allows you to identify problems and reduce the total cost of an attack. It can also help to prevent similar threats in the future.
When putting your incident response plan together, make sure to include these five essentials:
Table of Contents
1. Preparation
Begin with a cybersecurity audit. Identify your strategic assets, potential weaknesses, and the types of threats most likely to happen to your business.
Answer these questions to start getting a sense of what you need:
- What type of business are you in?
- Do you conduct financial transactions online?
- Do you have a physical or digital inventory of products?
- Where do your store employee and customer records?
- Who has access to your corporate network?
As you do this, start to overhaul your approach to security. What security tools do you have in place? Do you make use of web firewalls and a VPN?
If you have to ask “what is a VPN” or “what is a firewall,” you’re not doing enough. Click here for more information: https://nordvpn.com/what-is-a-vpn/
A VPN is a virtual private network that safeguards your internet connection and limits remote access. VPNs create an encryption tunnel for all data in transit to pass securely. Likewise, firewalls regulate traffic and block specific incoming and outgoing connections. Together, these measures protect from many types of cyber-attacks.
2. Education
Preparation and education go hand-in-hand. Your team needs to know how to recognize the variety of threats that exists in the digital landscape. Do they know what a phishing email looks like? What about a suspicious file attachment?
Most data breaches happen because employees don’t have this knowledge. Therefore, training staff to avoid these prevent attacks from happening in the first place.
If an attack does occur, what’s the next move? Above all, all staff should feel comfortable reporting unusual computer activity. The sooner you remove a threat, the less damage it can do. Create an open environment where employees feel safe sharing their mistakes. It’s better to err on the side of caution than to let these threats go uncontained.
In case of an incident, your employees need to be ready to answer these critical questions:
- When did the event occur?
- Who discovered it?
- How was it discovered?
- What has been impacted?
- How significant is the compromise?
- How does it affect operations?
- Can you identify the point of entry?
3. Containment
After discovering a data breach, you may want to return everything to normal immediately. Resist this urge. You don’t want to destroy essential evidence that tells you how the offense started. It can prevent another one from happening.
Likewise, malware can spread quickly. Deleting it may only play into the cybercriminal’s plan.
Containment is a much more effective strategy to prevent the spread. Disconnect the infected devices from the internet asap. If you have redundancy systems in place, get them up and running. Quarantine affected devices and leave for your infosec team to diagnose and clean.
At the same time, update and patch your systems. You need to change all user IDs and admin credentials. Furthermore, ensure multi-factor authentication is running for remote access protocols.
4. Removal and Recovery
Now it’s time to remove the cause of the data breach. You need to delete all malware, patch and harden systems, and apply updates. If possible, perform a clean install of your operating system for a deeper removal of threats.
Regardless of whether you decide to remove the malware yourself or use a third-party, you must be thorough. Any trace of malware can cause you to continue losing data and increasing your liability.
Once all systems are clean, you can get devices back into operation. Don’t rush and answer these questions:
- When can devices return to use?
- Have these devices been patched and tested?
- How long will you monitor affected systems?
- What tools will prevent attacks from reoccurring (i.e., intrusion detection, antimalware, etc.)?
5. Notification
According to Wikipedia, data breaches are security incidents that cause “intentional or unintentional release of secure or private/confidential information to an untrusted environment.”
Privacy laws, including California’s SB1386 and the EU’s GDPR, require public notification in the event of a data breach. You must notify affected parties so they can protect themselves from identity threats of other damage caused by the breach.
If you fail to do this, you increase your liability for damages, potentially resulting in substantial fines. Report breaches immediately, especially to your customers. It’s better to be honest than to put their safety at even greater risk.