LUTZ BUSINESS INSIGHTS
What to do if your business suffers a data breach
MATT LONGENECKER, tech director
Data breaches are becoming more common and increasingly expensive. Once your business suffers a data breach, you may spend a considerable amount of time and resources trying to restore customer confidence and recover lost revenue. This is why it is important to prepare your business for the unexpected. So, how do you respond if your business suffers a data breach? Here is what to know.
1. DETERMINE THE TYPE OF DATA BREACH
Once you have confirmed that a breach has occurred, start by investigating the incident. A thorough investigation will tell you what type of breach it was, whether sensitive information was exposed, and exactly which data was compromised. Knowing this will help you decide the steps needed to minimize the damage and prevent similar attacks in the future.
When assessing the breach, take time to identify the people who have access to the affected systems. Also, find out the origin and scope of the breach. How was it initiated? When did it happen? What computer systems and applications have been affected? Lastly, identify all the victims of the attack.
You will also need to close any potential gaps that could be exploited in future breaches. Ask yourself:
- Did an employee accidentally send out or steal sensitive information?
- Did an attacker compromise your network and steal information?
For assistance, consider hiring a qualified professional to assess how the breach occurred and help protect you moving forward. There are also Extended Detection and Response (XDR) solutions that can be installed proactively on your computer systems. An XDR solution can give you visibility across your network into how the breach occurred and where it is still active.
2. CONTAIN THE INCIDENT
A critical part of your incident response plan should be eliminating the threat. Here, you will need to act swiftly to contain the breach. This will stop the attack from spreading, effectively ensuring other servers and devices do not get infected. Indeed, a slow response to a data breach can lead to bigger and more serious problems for your company. Because the nature of data breaches varies widely, you should consider working with outside counsel to determine the next steps.
When looking to contain a data breach, there are several immediate actions you can take to prevent further damage. These include:
- Referencing your XDR solution to help determine systems that should be contained.
- Disconnecting affected systems from the network to prevent further data loss or spread, if possible.
- Disabling remote access capability like VPN and potential wireless access.
- Ensuring both onsite and offsite backups are disconnected from your compromised network.
- Retrieving and restoring an uninfected backup copy of important data to a new network.
In the end, the right expert will effectively handle the more complex containment and ensure your network is properly secured against both current and similar future attacks.
3. MITIGATION STEPS
After the data breach has been contained, you will have to improve your security posture. This will go a long way in helping to reduce the overall risk that your business is exposed to. Apart from continuously monitoring your network to detect threats, below are some tips to prevent data leaks.
a. Change passwords
Changing and strengthening your passwords will not only help end an ongoing breach but also make it more difficult for attackers to access your network. Apart from implementing complex and secure passwords, you should avoid using the same password on multiple systems.
b. Enable two-factor or multi-factor authentication
Making sure you have an added layer of security is a simple but effective way to prevent unauthorized access. A username and password on their own are a single form of authentication. Two-factor and multi-factor authentication greatly improve the security of your systems by also requiring a code from an application on your phone or from a text message. This makes it nearly impossible for an attacker to gain access to these systems.
c. Enable geo-blocking
Geo-blocking restricts access to your networks and computers from certain locations. Restricting access from foreign countries is a great way to protect your digital assets and improve cybersecurity.
4. REMEDIATION STEPS
Your continuity plan will not be complete without including ways to remedy the situation. Taking the appropriate remediation steps will allow you to resume your operations sooner and more securely. Here is what you need to focus on.
a. Do systems need to be rebuilt?
You should work with professionals to establish whether your systems need to be rebuilt. The experts will assess the damage before recommending the right course of action to take. In case you have to rebuild your systems, all vulnerabilities that could lead to future breaches should be fixed.
b. Reexamine your security measures
To keep attackers at bay, you must determine what action you can take to prevent data breaches in the future. This may include updating software regularly, conducting employee security awareness training, and completing regular audits of your security posture. Using a conditional access solution is a great way to limit access to your valuable data. You may also want to implement a Data Loss Prevention (DLP) solution to prevent data from leaking onto untrusted systems.
Want to protect your business against cybercrime? At Lutz Tech, we provide a range of smart technology solutions to help you keep things running smoothly. Feel free to contact us if you have any questions or want to learn more about our services.
ABOUT THE AUTHOR
MATT LONGENECKER + TECH DIRECTOR
Matt Longenecker is a Tech Director at Lutz with over 22 years of experience in technology. He is responsible for meeting with outsourced IT clients to develop a plan to resolve their technical issues. This includes designing a solution plan, presenting a proposal, and managing the technical support staff to implement the project.
AREAS OF FOCUS
- Project Planning & Implementation
- Outsourced IT
AFFILIATIONS AND CREDENTIALS
- Microsoft: M365: Enterprise Administrator Expert, MCSE - 2012, MCSA - 2012, MCITP: Enterprise Administrator - 2008, MCITP: Server Administrator - 2008, MCSE - 2003, MCSA - 2003, MCSE - 2000, MCSA - 2000, MCSE - NT 4.0
- Citrix: CCP-V, CCA-V, CCEE, CCEA-XP, CCA-PS 4.0
- VMware: VCP-DCV 6.5, VCP-DCV 6, VCP-DCV 5, VCP-DT 5
- BS in Management Information Systems, Bellevue University, Omaha, NE
- AAS in Computer Programming Technology, Lincoln School of Commerce, Lincoln, NE
- AAS in Information Technology, Lincoln School of Commerce, Lincoln, NE