Even when you do everything right with your network security, it’s all too easy to get breached. It only takes one employee who signs up for websites with their work email address and reuses the same password to access your network. ADP, Paychex, Gmail, Salesforce, HubSpot, Zoho, Expedia, Orbitz, Verizon, Adobe, Amazon, Staples, eBay, Office Depot, Dropbox, Citrix, QuickBooks, LinkedIn, Facebook and countless others have all been breached, with thousands of identities exposed and stolen.
This is why employee training is so important. It’s not just about what to click on. Your business can easily be breached. It’s important to have a response plan and implement it as soon as you suspect a breach.
First things first: don’t go immediately running into the burning building, only to realize you aren’t carrying a fire hose. In other words, take a moment to gather your wits.
Next, follow these steps.
Stop the Bleeding and Secure Your Operations
The first thing to do is to assemble your breach response team.
Designate a ‘Breach Response Team’
Depending on the size of your company, your breach response team might include legal, IT, sales and finance. Have one member of the team communicate with your managed service provider (MSP). The key is to assign discrete tasks and coordinate between team members. Otherwise, it’s extremely common to find team members accidentally stepping on each other’s toes.
Check your network segmentation
Your network should be segmented so that a breach can be isolated and contained at a single site or server. It’s essential to verify that your segmentation actually held. If the breach has not been contained, isolate the affected segment immediately, before it spreads.
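One way to make the segmentation check concrete. This is an added example, not tooling from the page or the MSP it describes: it assumes a hypothetical four-zone design (guest, user, server, mgmt), a constructed firewall rule list, and a first-match rule evaluator. The policy table records which cross-zone flows the design intended; the checker flags any allow rule that permits something else, and the evaluator lets you confirm whether a host in a suspect segment can still reach a given server before you cut it off.

```python
import ipaddress
from dataclasses import dataclass
from itertools import product
from typing import Optional

# Constructed example: zone names and address ranges are hypothetical.
ZONES = {
    "guest": ipaddress.ip_network("10.10.0.0/16"),
    "user": ipaddress.ip_network("10.20.0.0/16"),
    "server": ipaddress.ip_network("10.30.0.0/16"),
    "mgmt": ipaddress.ip_network("10.99.0.0/24"),
}

# Intended cross-zone flows as (source zone, destination zone) -> TCP ports.
# Any cross-zone traffic not listed here should be blocked.
POLICY = {
    ("user", "server"): {443},
    ("mgmt", "server"): {22, 443},
    ("mgmt", "user"): {3389},
}


@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]  # None matches any port
    action: str          # "allow" or "deny"


def net(s):
    return ipaddress.ip_network(s)


# Constructed rule list, evaluated first-match, with a default deny at the end.
RULES = [
    Rule(net("10.20.0.0/16"), net("10.30.0.0/16"), 443, "allow"),
    Rule(net("10.99.0.0/24"), net("10.30.0.0/16"), 22, "allow"),
    Rule(net("10.99.0.0/24"), net("10.30.0.0/16"), 443, "allow"),
    Rule(net("10.99.0.0/24"), net("10.20.0.0/16"), 3389, "allow"),
    # Leftover "temporary" exception: a guest subnet can reach one file server.
    Rule(net("10.10.5.0/24"), net("10.30.1.10/32"), 445, "allow"),
    # Overly broad troubleshooting rule: everything internal can reach mgmt.
    Rule(net("10.0.0.0/8"), net("10.99.0.0/24"), None, "allow"),
    Rule(net("0.0.0.0/0"), net("0.0.0.0/0"), None, "deny"),
]


def zones_touching(network):
    """Every zone whose range overlaps the rule's address range."""
    return {name for name, z in ZONES.items() if network.overlaps(z)}


def find_violations(rules):
    """Map each offending rule's index to the cross-zone flows it wrongly permits."""
    findings = {}
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        for s, d in product(zones_touching(r.src), zones_touching(r.dst)):
            if s == d:
                continue  # intra-zone traffic is outside this check
            allowed_ports = POLICY.get((s, d), set())
            if r.port is None or r.port not in allowed_ports:
                findings.setdefault(i, []).append((s, d))
    return {i: sorted(pairs) for i, pairs in findings.items()}


def is_allowed(rules, src_ip, dst_ip, port):
    """First-match evaluation of the rule list; no match means deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if src in r.src and dst in r.dst and (r.port is None or r.port == port):
            return r.action == "allow"
    return False


if __name__ == "__main__":
    for idx, flows in find_violations(RULES).items():
        print(f"rule {idx} permits unintended flows: {flows}")
    # Would a compromised guest host still reach the file server?
    print("guest -> file server 445:", is_allowed(RULES, "10.10.5.7", "10.30.1.10", 445))
    print("user  -> mgmt 22:", is_allowed(RULES, "10.20.3.4", "10.99.0.5", 22))
```

Run against an export of your real rule base, the output is the list of rules to remove or tighten during containment; the evaluator is the quick way to answer "can this host still get to that server" before you pull a cable.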
Update user credentials and passwords
Based on the extent and nature of the breach, your response team needs to determine whether your whole system should be locked down. Even if you can avoid a full lockdown, you need to immediately update the login credentials and passwords for every authorized user.
Determine Your Legal Exposure
Now that you have re-established a security perimeter around your network, it’s time to assess your legal exposure.
Determine what information has been compromised
Depending on your industry, location and the type of data exposed, your business might face legal liabilities that require certain actions and notifications. For example, most U.S. states and territories require notification when the breach involves personal information.
If you’re a health care provider, remember HIPAA
In the case of a breach involving protected health information (PHI), health care providers are subject to the Health Breach Notification Rule, which requires you to notify the Department of Health and Human Services (HHS) without delay.
Consider a free Dark Web scan
The Dark Web scan identifies which exposed records associated with your company domain are circulating on the Dark Web. Instead of relying on investigative guesswork to work out which records have leaked, you know exactly what information is exposed and can act on it quickly.
Notify the Affected Parties
Everyone’s initial impulse is to prevent the news from getting out but, for the sake of your business’s reputation and legal liability, you absolutely do need to notify those parties who will be potentially impacted by the event.
Also, your IT infrastructure is potentially a crime scene, so you need to notify your local law enforcement or, alternatively, your local FBI office.
Unless your state’s laws require otherwise, your notice to affected parties should include:
- What happened and when
- What information was taken
- What the hackers have done with the information thus far
- What measures you’ve taken to protect the individuals impacted
Additionally, the Federal Trade Commission (FTC) recommends:
- Consult with law enforcement to ensure that the notification does not impede any ongoing investigation.
- Designate a contact person within your company to release information and address inquiries.
- Consider offering a free one-year subscription for identity theft protection and/or credit monitoring to those affected.
Learn from the Experience
As part of your incident debrief, review the experience to determine how your policies and procedures need to be updated. This includes reviewing the role your MSP played in protecting you from and responding to the breach. Perform a new security assessment as part of this review; if it shows you need to switch to a new MSP, this is the time to do it.
Next, don’t waste any time in communicating the lessons learned and updated policies and procedures to your staff in the form of security training. They are going to be most receptive and attentive while the shock of the breach is still fresh.
How a Free Dark Web Scan Helps
If you’ve suffered a breach or suspect you might be at risk, perform a Dark Web scan to see what data from your business, if any, is on the Dark Web.
Exposed information can also surface later. Once you’ve had the free Dark Web scan, we recommend ongoing monitoring of the Dark Web so that any information associated with your business domain is detected as soon as it appears.
85% of businesses with 1,000 or fewer employees have been breached. Many don’t know it. We’re offering a free Dark Web scan so you can know for certain whether or not your business has confidential information on the Dark Web being sold to the highest bidder. Sign up for a Free Dark Web scan.