You KNOW you could have / should have done more to protect your business data… but now it’s too late and your computers have been compromised.
What should you do in the event of a data security breach?
1. CALL IT DATA SECURITY PROFESSIONALS ASAP!
Just like a fire or medical emergency, time is of the essence. The attack may still be underway or causing further damage.
- In the case of a virus or malware, the more people who open the email, the more computers will be infected.
- Hackers can continue downloading files as long as they have open access. Less than 48 hours after a breach, the attacker will have control of a network – you need to act fast.
- If the threat is coming from inside the building (an employee or contractor who either inadvertently or with ill intent caused the breach), you’ll want your IT team to be able to clearly see the source of the issue.
You don’t want a junior IT guy giving it his best shot. If you don’t have an experienced IT partner, NOW is the time to find one! (Note, however, that just like calling 911 to summon a helicopter to medically evacuate you off a cliff and into to an emergency room, finding an IT partner during a data security crisis is likely to be both difficult and expensive.)
The risk here is that if you have under-trained IT personnel panicking and changing settings, it may be difficult for your IT team to understand what really happened and diagnose the root cause of the issue. Don’t make the problem any worse than it is. Call in IT Professionals.
2. Assess and contain the damage.
Your IT professionals and senior leadership team need to set aside blame (at least for now) and be in tight communication about what happened and how to proceed in fixing the data security breach.
Hopefully you have a disaster recovery or business continuity plan in place, along with documentation of your passwords and backup of all your systems.
Your damage control team needs to decide:
- Is the breach contained?
- How severe is the damage?
- What steps do we need to take now?
- Who needs to know? If sensitive data was exposed, you’re likely legally required to notify those who are potentially impacted and/or government agencies.
- How can we prevent this from happening in the future?
3. Take data restoration steps.
Every situation is unique. Some actions need to be taken immediately, while others may happen over the coming days, weeks and months. Depending on what happened, restoration from a data security breach could mean:
- Restoring files from backup
- Changing all passwords
- Taking a system offline until security updates can be applied
- Paying the ransom on the ransomware (which is a terrible idea, for so many reasons!)
First to employees and then to anyone affected outside your organization, you need to clearly communicate:
- What happened
- How you’re fixing the issue
- Any steps those impacted need to do to protect themselves
5. Get committed to data security.
Small businesses are not immune from cybersecurity attacks. With fewer resources to fight and recover from a breach, it’s even more important for you to Integrate security into your platform. One component of our data security offerings is to use Microsoft 365 for:
- Identity & access management
- Threat protection
- Information protection
- Security management
- Device and application management
We also believe strongly in user data security training.
Many employees share passwords, not considering the data security ramifications. In over 63% of data breaches, attackers gain access through weak, default, or stolen user credentials. Your technology and people need to work together to keep your business protected from malicious cybersecurity attacks.
Beyond user training, there are a few other ways you can safeguard your business:
- Multi-factor authentication
- Leaked credential reporting and monitoring
- Computer firewalls
- Routine backup and recovery procedures
- Regularly applying security updates
Microsoft 365 for Data Breach Recovery
One of the solutions we use in our data security practice is Microsoft 365, which has all the perks of Office 365, plus advanced security and device management tools. Microsoft 365 helps us both with remote network monitoring, but also for data breach recovery.
Here’s some of what Microsoft 365 can do after you’ve been breached:
- Automatically investigate and mend endpoint threats
- Recommend what to investigate and remediate
- Investigate company-wide emails to remediate threats
- Visualize a hacker’s lateral movement
- Recover OneDrive files
- Remove ransomware
Call Us for Data Breach Prevention
We don’t want to be your 911 IT emergency call. We want to be your day-to-day IT partner who keep your IT systems health and your systems secure with IT services like:
- Continually monitoring network traffic for anomalies
- Maintaining backups and testing restore procedures
- Having a “red book” of system admin credentials and vendor contact information
- Enforcing IT policies and procedures
- Keeping hardware and software up-to-date
Don’t wait until it’s too late – give us a call today – 1.586.263.1775.