How to recover from your next data breach
Put Together a Response Team

A data breach demands a comprehensive response. Knowing who will be part of your response team and assigning their primary tasks ahead of time will help you quickly take appropriate action. The team should be enterprise-wide and include key members of the executive team and board of directors, the head of IT, security experts, as well as representatives from your legal, communications and HR departments. It is important to remember that it is not just your company’s data that has been compromised. Employees need to know what risk they face and what they need to do. Vendors and clients who were impacted need to be informed. Having a comprehensive team in place will help create a multifaceted plan that addresses all the issues a data breach may create.
Identify the Source and Spread

In the aftermath of an incident, you do not want to take any steps that might spread the problem inadvertently. Stay focused on identifying the source of the attack and isolating the affected servers and systems. Infected machines should be analyzed to determine if a full operating system restore is required or if they can be cleaned using anti-ransomware software. As ransomware families like Ryuk evolve, creating a hierarchy of attack on a network, this isolation becomes even more crucial. This latest generation of attacks can be more effective, faster, and spread wider than those of the past. Ensuring your team is educated and updated on the latest variants will help them know where to start looking once a breach occurs.
If a ransomware attack happens and employees find themselves locked out of their data, the gut reaction may be to reload from backed-up files. That is what they are there for, after all. There is a good chance, however, that these files have also been targeted by the attack, leaving them encrypted, unrecoverable or also infected. Always train employees to scan backup files before attempting a recovery.

Digital storage systems that enable point-in-time recovery can be invaluable in reducing downtime from a ransomware attack that manages to encrypt data and backup files. These systems enable security and IT teams to roll back to a restore point before the infection, which should recover the bulk of the data in a single step. Since these systems track changes at the block level, they are able to recover quickly.

Backups of the most critical files and data should be kept in air-gapped storage systems. This ensures that at least one copy of the data is always housed on servers that are isolated from the network and will remain unaffected by an attack.
Don’t Cover It Up

When it comes to data breaches of any kind, from a DDoS attack to malware, there can be a perceived negative stigma. There may be fears that the breach will make your company look careless and undermine the trust of clients and partners. There may be an impulse toward keeping quiet. After all, if no one knows about it, it didn’t really happen. The truth is these sorts of attacks are common. A breach is not a sign of corporate weakness; it is an unfortunate reality of existing in the digital age. The worst thing you could do after a breach is to keep it quiet. In many cases, your company has a legal duty to notify law enforcement or privacy regulators. Every attack needs to be understood so as to give White Hats a chance to bring equilibrium to that ebb and flow of vulnerability. Reporting is the first thing you can do to protect your organization from a subsequent attack.
Protect Your Network from Another Attack

In the aftermath of a breach, your company’s leadership will be focused on cybersecurity. That presents an opportunity for a wide-ranging evaluation of your current security practices, procedures and tools. Don’t waste it.
SILO Compliance Systems 1067 South Hover Street, #E-172, Longmont, Colorado, 80501