Author: Ermis Sfakiyanudis / Source: Information Security Buzz
Do not freak out—Follow your plan
While unpreparedness in the face of a data breach can cause irreparable damage to a company, panic and disorganization can also be extremely detrimental. It is, therefore, critical that a breached company not stray from its incident response plan, which should include identifying the suspected cause of the incident as a first step. For example, was the breach caused by a successful ransomware attack, malware on the system, a firewall with an open port, outdated software, or an unintentional insider threat? Next, isolate the affected system and eradicate the cause of the breach to ensure your system is out of danger.
Investigate and do not forget to take notes
When investigating a breach, document everything. Gathering information on an incident is critical to validating that a breach occurred, which systems and data were impacted, and how mitigation or remediation was addressed. Log the results of investigations through data capture and analysis so they are available for post-mortem review. Be sure to also interview anyone involved, and carefully document their responses. Creating detailed reports with disk images, as well as details on the who, what, where and when of the incident, will help you implement any new or missing risk mitigation or data protection measures.
Do not be afraid to ask for help
If you determine that a breach has indeed occurred following your internal investigation, bring in third-party expertise to help handle and mitigate the fallout. This includes legal counsel, outside investigators who can…