When it comes to IT security, prevention is undoubtedly preferable to cure. But sometimes, despite everybody's best intentions, breaches happen. According to an article last year from HelpNetSecurity - even the U.S. Department of Energy wasn't immune from being compromised. If this were to happen to your business, you must pick up the pieces as best you can. Here's how:
In this article we address three different types of IT security breaches. For each, we suggest what should be done in the aftermath and a few things that could have been done to prevent the breach in the first place. If it's too late for that, the same list is equally valid as a way to stop a similar breach happening again in the future.
1. Malware Attack
Scenario: Despite the security software and systems in place, one or more computers have become infected with malware.
Remove infected computer(s) from the network immediately.
Perform random checks on other PCs to ensure no cross-infection.
Attempt to establish the source of the malware infection (often a result of a user falling victim to social engineering).
Step up anti-malware defenses (better software and vulnerability scanning solutions).
Educate staff on social engineering methods.
Perform more random scans for malware.
Improve patching for vulnerabilities.
Consider a more reliable Internet security solution.
2. Staff Breach
Scenario: A disgruntled member of the staff has left the company, and subsequently, stolen data or attempted unauthorized access to systems.
Investigate legal avenues to prevent against further breaches.
Ensure all passwords the user may be in possession of are changed.
Notify any individuals whose data may be at risk.
Ensure that staff are contractually obliged to refrain from accessing systems after leaving, with possible sanctions made clear.
Improve internal controls for dealing with staff who leave the company.
3. Data Loss
Scenario: A hard drive containing company or customer information has been left in the back of a taxi, and attempts to locate it have been unsuccessful.
Be honest with all parties who may be affected — don't purely hope they won't find out!
Take steps to change all passwords.
If need be, release a statement explaining details of the breach and the steps that will be taken to prevent a repeat incident.
Minimize or eliminate the need for individuals to carry data on portable storage devices. Consider the use of thin client or cloud technology instead.
Ensure that every device containing data, from laptops to USB keys, is suitably encrypted.
If you've been lucky enough to not yet be involved in a security breach, you would do well to consider the avoidance steps detailed for each of the above breaches. While you may not be able to prevent something bad from ever happening, you can certainly minimize the impact of each serious event. For more information on how we can help you achieve the best possible defenses, visit us online at www.cardinaltek.com or call us at 540-431-4161.