(4 votes, average: 4.75 out of 5)
As the internet has evolved, so too has cybercrime. Hackers and criminals are becoming more and more sophisticated with their attacks and in the ways that they exploit vulnerabilities.
Your company or organization may be doing its best to stay on the cutting edge of web security but in this proverbial game of cat and mouse, we’re always just a small advance away from being hacked or having our data breached.
Some of the largest companies in the world have fallen victim to cybercrime, in the process millions of customers’ financial records, healthcare data and personal information has been compromised.
As prevalent as cybercrime is, you may be surprised to discover that, per Protiviti Risk & Business Consulting, one in five organizations do not have a formal incident response plan in place.
With that in mind, we’re providing a checklist of reactionary tasks to help your company or organization formulate its own incident response plan.
Some of these are fairly obvious, others may require a little bit more explanation, but here are 10 steps to take within the first 24 hours of a data breach. Remember, don’t panic. Just keep your head and follow these steps:
After you have checked the first ten boxes during the initial 24-hour period after the breach occurred, you will need to begin a more in-depth response across a number of other fronts. Here is a summary of five additional tasks that will need to be completed following the breach.
Fix the Issue that Caused the Breach
Your forensics team should have now investigated the network and any affected machines and systems. In the process it will likely have discovered the cause of the breach. Have the team delete any hacker tools and determine if you have any additional vulnerabilities or security gaps. The team should also replace any affected machines with new ones before taking them back online. And make sure to document everything so that you can learn from this situation in the future.
Continue Working with Forensics
In addition to fixing what caused the breach, you’ll need your forensics team to take stock of what exactly was stolen. This means analyzing backup, preserved or reconstructed data sources, figuring out the number of customers or employees that were affected and the type of information that was compromised and then aligning those affected with the stolen data so that you can begin notifying people.
Identity any Legal Obligations You May Have
Once forensics has a full picture of what was compromised and who that affects, have your legal team take a look at any state and federal regulations that govern your industry and the type of data that was lost. Determine who you need to notify and what timetables you have and then ensure that you do actually follow through on those notifications. This isn’t fun, and it’s probably going to hurt consumers’ trust in your company or organization in the meantime. But, not notifying people could lead to even bigger problems.
Report to Upper Management Levels
Chances are that the upper management and executive levels in your company are aware of the breach, but they’re going to want detailed reports on it. You should be keeping them informed of all the facts, including causes, resolutions and potential ramifications. It’s also good to continue to give regular updates as to the progress of investigations and the overall response.
Identify any Potential Conflicts
You’ll need to look at any and all upcoming business initiatives that could potentially interfere with your investigation of and response to the data breach, and make sure both the response team and upper management are aware of them. In some cases, you may need to postpone some things while the response carries on.
Remember, investigating and responding to your data breach should take priority over everything else. First and foremost, you need to make sure that you’re secure moving forward. It’s not outside of the realm of possibility that your company or organization could quickly be targeted again, which is why it’s so important to quickly rectify any security gaps or vulnerabilities that could be exploited.
It’s also vital that you investigate the damage and try to find the perpetrators. Until the investigations and response have run their course, you can’t get back to business as usual. And trying to would be a huge mistake.
We hope this checklist will help your company or organization create its own response plan. Remember, this is just a start. Your plan needs to be tailored to your business needs. Do some research, contact security experts and make sure to be proactive about keeping up with web security trends. After all, we’re all just one step away from a major hack or breach.