What Should I Do If My Office Has Just Had a Data Breach?
Unfortunately, in this day and age data breaches are becoming common. And it’s not just large organisations like Capital One or Australian National University (both with breaches in 2019) that are targets. Small and medium-sized businesses are also breached.
Small businesses are the target in 43% of cyberattacks. And it’s often harder for them to recover once a breach has happened, especially if the aren’t sure what to do once a breach has occurred. Approximately 60% of small businesses close their doors within 6 months of a cyberattack.
Prevention through strong managed IT services, anti-malware, firewalls, and other security measures is always the best way to avoid a breach in the first place. However, if one happens, how well you handle it in the hours afterwards can often dictate how resilient your company will be in the aftermath of a breach.
What should you do if you suspect a data breach? Our GKM2 Cybersecurity Team has put together the following checklist to help you get through a breach with as minimal damage as possible.
Post Data Breach Check List
With so many records kept digitally these days – just about all of them – protecting that data from unauthorised access is becoming one of the top IT priorities of most companies around the world.
Types of data that companies store digitally and hackers are going after includes:
- Customer records
- Intellectual property
- Customer credit/debit card details
- Financial information
- Employee records (including details that can be used for identity theft)
- Business emails/correspondence
An Australian data breach in Q1 of 2019 exposed the personal data of over 10 million people.
If you suspect your network has been breached by a downloaded virus from a phishing email, a brute force attack, or another entry point, here are the steps you should take right away to minimize the damage.
Take Equipment Offline Immediately
If you suspect a data breach, the first thing to do is prevent more of your devices from being infected, so you want to immediately take the impacted equipment offline, disconnecting them from both the internet and any company networks. Basically, you want to quarantine the device(s) so it can’t spread the infection or gain access to other computers.
If you’re unsure how far the breach has spread, take all computers and servers, and any IoT devices offline and temporarily replace them with clean devices to keep your operations running while the damaged is assessed.
Secure Your Records
Another immediate need is to secure any sensitive data that you store and could have been breached. This can mean changing passwords, initiating a data backup recovery, or moving data to another cloud-based storage area.
You’ll want to update all passwords that can access any of your company applications, networks, or data, including:
- Administrative passwords
- Application passwords (such as to Office 365 or Dropbox)
- Email passwords
- Device & network passwords
- Website passwords (such as WordPress admin credentials)
It’s also a good idea to enable two-factor authentication with logins, where possible.
Investigate the Breach and What Was Exposed
Next, you need to know exactly how the breach happened, which records may have been exposed, and identify and eradicate any malware that may have been planted on your system to enable the breach.
To do this properly and expediently, you will need to enlist the help of IT experts to assist in the forensics and identify which of your devices have been impacted, what records were accessed, and how to seal the breach.
Report Breach to Authorities and Impacted Persons
When it comes to reporting the data breach, there are two areas that companies need to be prepared for: Reporting to regulatory authorities and reporting to those whose data has been breached.
The Notifiable Data Breaches (NDB) scheme, part of Australia’s Privacy Act, requires reporting of eligible data breaches to the Office of the Australian Information Commissioner (OAIC) and to impacted consumers within 30 calendar days.
If your company does business with EU clients, then you may also be required to comply with reporting requirements of the General Data Protection Regulation (GDPR), which requires notification to relevant agencies in 72 hours and to those with exposed personal data “without undue delay.”
Review & Fortify
Once you’ve contained the threat and ensured compliance with reporting the breach, you want to assess your network and device security policies and your response to the breach to make improvements.
Identify security measures that can be improved upon to prevent not only the type of breach your business was the victim of, but other types of infiltrations as well. Many cloud services providers offer tools you can use to fortify application security, such as Microsoft Secure Score for Office 365.
You’ll also want to identify actions your team took in the aftermath of the data breach and find out what areas were sticking points or what can be improved in the future, then document this in your cybersecurity response plan.
Lastly, you’ll want to begin building trust back with your clients. Let them know the additional security measures you’re taking to ensure their data will be safe if they continue doing business with you and any remedies your organisation is taking to help them should someone misuse the data that was accessed in the breach.
How Strong is Your Cybersecurity Plan?
There are multiple entry points for a hacker to breach your network, does your cybersecurity plan cover then all? GKM2 offers peace of mind to businesses in the Sydney area through our Managed IT Services that include things like managed antivirus and anti-ransomware protection and managed firewall security.
Contact us today for a security assessment to ensure your network is breach resistant. Call +61 2 9161 7171 or reach us online.