Technical Support: 412-349-6678 | Incident Response

Data Breach Detected! Now What?

What to do once you detect a data breach

No matter how hard we try to secure our systems, data breaches happen.

The key to bouncing back is how quickly you detect the data breach, how quickly you respond, and how fast your data is restored from backups.

With cyberattacks on the rise, it’s more important than ever prepare a plan of action.

Although the details vary from place to place, it’s vitally important to:

  • Contact appropriate experts
  • Contain the attack
  • Report to stakeholders
  • Investigate
  • Remediate
  • Recover

Knowing in advance what to do ensures a quicker, more effective response. During the stress and chaos of a data breach, the last thing you want is to be scrambling around, searching for answers.

Poor planning exposes vague processes, magnifies mistakes, and makes recovery more difficult.

Let’s break down what to expect following a data breach, and what you can do right now to minimize it.

When a Data Breach Happens, Enlist the Experts

The first thing you should do once you verify an attack in progress, is to bring in professional cybersecurity experts.

These might be either in-house or an outsourced cybersecurity provider, such as Blue Bastion.

While these cybersecurity sleuths spring into action, important members of your business must be alerted.

Your legal counsel, CIO, COO, and CEO all need to be notified about significant breaches. Additionally, the marketing/PR team needs to start preparing customer notifications and reports to stakeholders.

If your business carries cybersecurity insurance, your insurer might require that they are your first call. To control costs, insurers often dictate which law firms, cybersecurity vendors, and types of recovery processes are permitted.

Make sure you know ahead of time what your insurer requires.

To ensure success in this step of the process, maintain an accurate and comprehensive contact list.

Review it at least quarterly, and maintain it on your network, on the cloud, and as an easily accessible paper document.

Next, Contain the Attack

During the initial stages of response, your cybersecurity response team won’t know how the attack started, if more are in progress, or the objectives of the attackers.

With so many unknowns, defenders might need to take drastic, immediate action. To limit the damage, this might even include disconnecting all network connections and shutting down every device.

Ideally, in high-risk environments like hospitals or 911-call centers, your organization will switch to backup systems. However, your resources might limit your abilities during the containment phase.

To prevent total failure, carefully consider repercussions of system shutdowns, and prepare alternative processes to keep your operation running.

Then, Report Data Breaches to Stakeholders

If your cybersecurity team begins taking systems offline, someone is going to notice.

Whether it’s employees, customers, or the general public, word gets out.

Someone on your response team needs to handle communication and provide updates.

In fact, many U.S. states and foreign governments require notifications to be provided both government agencies and affected parties.

For example, the European Union’s GDPR regulation only allows a 72-hour window between the discovery of the data breach until the notification of authorities. It’s not much time if, for example, a data breach is discovered on a Friday evening.

Make sure you identify in advance, the people who will produce reports, along with who needs to receive them.

Initial reports, ongoing updates, and final reports need to be prepared, reviewed by legal counsel, and issued to the appropriate parties.

You can make things easier later by preparing and pre-approving templates now.

Healthcare data breaches and how to keep your team safe
Healthcare data breaches and how to keep your team safe - click the image to read more.

Investigate, Recover, Remediate

In the final three steps, investigators discover the avenue of attack, recover the system, and remediate the system to prevent further damage.

However, some attackers change tactics, and it’s even possible that separate attacks are uncovered during the process.

For these reasons, the three stages aren’t always clear-cut and distinct.

While these steps are more difficult to practice, preparation remains invaluable. Tabletop exercises and penetration tests allow IT teams to build both confidence and experience.

Bringing It Together

Organizations pressed for time often ignore documentation, preparation, and training.

However, just hoping you’ll never face a problem isn’t the solution.

You might get away with it for a while, but when the day comes that you’re facing an attack, you might not be able to recover.

Make sure you and your team know what’s expected of them, and how to respond. Keep documentation of your plan, and know who to contact.

Alert qualified cybersecurity teams, whether in-house or outsourced, and be sure to have strong backup systems in place. Just because a data breach happens, doesn’t mean you lose total control.

By making thorough preparations now, you can safeguard your business’s future.

Help is One Call Away

With one phone call to 412-349-6680, or by filling out the form below, Ideal Integrations and Blue Bastion can provide a free consultation to outline a response or training program for your organization.

We offer a full spectrum of monitoring, backups, investigation, and red teaming that can help your team with a wide range of breach protection, incident response, and post-incident remediation.

The best part is that we’re by your side, 24/7/365, so you always have someone there to help. Keep your team, your network, and your data safe and sound with Ideal Integrations managed IT services.

Need a Managed IT Solution For Your Organization? Contact Us!

  • This field is for validation purposes and should be left unchanged.