Data breaches have evolved to become all too common, leaving a long list of businesses with compliance violations and lawsuits. As the world gets increasingly digitized, you can expect the current situation to go from bad to worse before we know it.
The planet’s collective data will reach 175 zettabytes (that’s 175 followed by 21 zeros) by 2025. That number includes all data types, from streaming videos to cryptocurrency apps to healthcare databases.
According to Verizon’s 2022 Data Breach Investigations Report, human error (including errors, misuse, and social engineering) caused 82% of data breaches in 2021. Furthermore, 50% of breaches were associated with remote access and web applications, 45% due to credential reuse, and 25% were attributed to social engineering (like phishing campaigns via social media).
Securing all this sensitive information is critical. However, nothing will ever be 100% secure in a rapidly evolving threat landscape. As such, we must prepare for every conceivable scenario, and unfortunately, the unthinkable.
Although cyberattacks and data breaches are unavoidable, we can manage the fallout to a certain degree. The steps you take now to ensure data security, following best practices, will go a long way to mitigate risk.
So, have a disaster recovery and incident response plan ready in case you fall victim to a data breach.
1. Contain the Breach
Before you do anything, you have to first contain the potential damage caused by the cyberattack. The first step is to identify affected systems and servers that were compromised and isolate them quickly. This approach will stop malicious code from infecting more servers and devices.
Here are a few things you should do immediately:
- Disconnect your internet connection
- Disconnect all compromised servers, computers, and mobile devices from the network
- Disable remote access
- Check your firewalls to ensure that all systems are appropriately updated and patched
- Make sure to patch and update all other systems
- Change passwords
- Set up multi-factor authentication (MFA)
If you haven’t already, this is an excellent time to add MFA to your security stack. At the same time, make sure to create new, strong passwords for each account and never use the same password across multiple accounts. This approach goes a long way to limit the damage of a future data breach.
Sometimes, it can be tempting to delete everything when you discover that you have been hacked. But that’s a bad idea that will do more harm than good. Instead, spend time exploring what exactly happened and gather evidence to share with regulatory bodies and stakeholders.
2. Assess the Damage
Before you can fix anything, you have to figure out what exactly happened. Was it a ransomware attack? Or was it a different type of malware? It’s also important to find out if you’re the sole victim of the breach or part of a widespread attack.
3. Determine the Source of the Data Breach
Collect information related to how the attack began, users who have access to infected systems, and what network connection remained active during the security breach.
Ask questions like the following:
- Was there any data loss?
- What kind of data was compromised?
- Was it customer information?
- Was it financial information?
- Would this data allow a hacker to steal customer identities?
It’s important to ask these questions as the type of data and what threat actors can do with the information will dictate your response. For example, if the data is encrypted, it will be rendered worthless. If the data breach only exposed names and addresses, that could start a domino effect that leads to identity theft.
Your data breach response team must quickly identify what information was affected or stolen and highlight every little detail about what cybercriminals could potentially do with the data.
4. Fix Potential Vulnerabilities
One of the key undertakings after a data breach is to fix the vulnerabilities that caused the data leak in the first place. In this scenario, work with your IT security team or hire external security experts for a forensic investigation if necessary and get to the bottom of it.
After a thorough evaluation, deploy short-term and long-term security measures and fixes and make sure to properly address potential vulnerabilities.
It's important to address the most pertinent issues in the short term while strategizing potential long-term security solutions. This approach will help mitigate the risk of another data breach while limiting the damage.
5. Inform All Stakeholders
A data breach notification should be sent to all stakeholders, including customers, employees, relevant agencies, legal counsel, and even law enforcement, as soon as possible. You don’t want your customers to find out about it from the news.
After all, it’s vital for all your customers, clients, and staff to know about the security event to protect themselves from unauthorized access, identity theft, and financial fraud.
Threat actors target databases with sensitive company data (like trade secrets) and personal data like personally identifiable information (PII). As such, following state laws, federal laws, and regulatory guidelines inform all stakeholders about all the details you know about the cyberattack and provide them with an opportunity to take action.
For example, suppose a database with PII, including credit card numbers and bank accounts, was exposed. In that case, your customers can set up fraud alerts and take action with the credit bureaus if the hacker tries to use their financial information.
The same goes for staff with their personal banking details, social security numbers, and health insurance information. If you don’t act immediately and inform them, there is always a risk of the data breach leading to bad credit reports, angry customers, and furious employees.
Don’t be vague! Even if this security event turns out to be the worst data breach in history, there is really no benefit to keeping it under wraps. These types of events usually come back to haunt your business. It will definitely lead to lawsuits (that you’ll probably lose), the loss of customers, and even your most valued employees.
Anticipate the questions different stakeholders will ask and respond to them in clear, plain language. Ensure that this information is easily accessible to limit their concerns and frustrations.
6. Test Your Cybersecurity Defenses
Once you have addressed what happened and patched and updated your systems, it’s time to find out if your implemented procedures work. In high-stress environments where emotions run high, IT security teams can make mistakes or miss a few things. So, make sure to test your cyber defenses and ensure that your data protection protocol works as intended.
In this scenario, make sure that the method used by the bad actor to gain access to your network can’t happen in the same way ever again. The only way to know is to engage in thorough testing; without it, it can certainly happen again.
If your in-house information security team can’t identify the source of the breach, it’s time to contact a third-party security team for help. An established security firm should be able to clear the noise and find out what happened quickly.
You have to test all the servers and virtual machines during the penetration testing phase of this process. It’s important as these are usually the most vulnerable technologies, and it’s crucial to ensure that the prior vulnerabilities were patched.
7. Update Data Breach Protocols
Once the dust settles, go over your data breach response plan and update the protocols used accordingly. If your staff was aware and responded as intended, you won’t have much to do. However, if employees aren’t ready for these types of security events, you need to take steps to train them.
Most businesses that haven’t fallen victim to a data breach are complacent, and a security event often catches staff off guard. If a data breach occurred years prior, you should set up new procedures that reflect the current threat landscape and train staff accordingly.
No matter what you do, even if you follow cybersecurity best practices religiously, there is always a risk of another data breach. Even Equifax, one of the nation’s leading credit bureaus, had to pay hundreds of millions of dollars in a data breach settlement.
As cyber-attacks grow exponentially, many insurance companies are now offering cyber insurance. As such, you might want to look into cyber liability insurance to help pay for potential losses and settlements to those with compromised information.
As you might have guessed, learning how to protect yourself once a data breach occurs is far more expensive than adopting early preventative measures. The long-term consequences of a security incident can be significant, and some small businesses even go bankrupt.
So, it’s worth making an effort now to proactively secure sensitive data than take a reactive approach to cybersecurity. Adopt cybersecurity best practices, including the zero-trust security model, real-time monitoring, endpoint detection and response, and fortify your infrastructure.