You’ve been hacked. Now what?
What should a company do after it’s been hacked? It’s a question Target, Home Depot, Sony Pictures Entertainment and others have had to ask over the past year or so. And it’s likely that other organizations will be facing the same question over the coming months.
Here are six key things to do after your company has suffered a security breach by a hacker.
1. Keep cool and implement a coherent response plan.
The first thing to after you are hacked is to implement your well-thought-out incident response plan. Assuming you have one. If not, you need to quickly put one together.
The plan of attack needs to include who should be in charge of the overall response effort, who else should be involved, what actions should be taken by which groups, which technology tools are needed for timely detection and rapid response, etc.
The plan should include determining the extent of the breach, identifying what data was compromised, deciding how best to work with the legal department to determine if disclosure to law enforcement and other authorities is required, figuring out how the attack compromised the organization as a whole, and performing damage assessment.
Typically, organizations should try to isolate or control traffic flow to minimize any further damage from the attack. If an adversary breaks in once, they will break in a second time if you don’t take the time to fix the problems. Once the exposures that were used to compromise the system are fixed, the focus turns to recovering the data and getting the systems back up and running and verify the systems before they going live. Once the systems are verified, monitor them to make sure the attacker does not get back in.
2. Pull together the incident response team.
The team should include IT, business leadership, human resources, public relations, legal and operations.
You may wish to retain a breach coach, a lawyer with experience in security and privacy compliance issues, to assist in your defense and the interpretation of various state and federal regulations that may have been triggered following a data breach event.
3. Work with vendors and security experts as needed.
Many times companies will need the help of key vendors and security consultant firms to identify the cause of the breach and ensure that further attacks are stopped before they can do damage.
4. Deal effectively with legal concerns.
After there’s been a hacking incident, IT, security and other senior executives should meet with corporate and external legal teams to discuss the potential implications.
Remediation of the problem might take a while because the root cause of the hack might not always be readily apparent, and companies need to take care to preserve any evidence.
The legal concerns are centered around potential government investigation, whether on a federal or state level; and making sure that under the relevant breach notification statutes stakeholders are informed, as well as business partners.
5. Cover your insurance bases.
Following a breach, notify your agent and claims representative as soon as possible. Data should be categorized to understand whether personally identifiable information such as Social Security numbers or medical records; financial information or other confidential data was compromised.
6. Keep the lines of communication open.
It’s important to keep employees, customers, business partners and other interested parties up to date on what’s happening with regard to the attack, its impact and the organization’s response. Silence can imply incompetence, confusion or worse.
Along with effectively communicating, companies need to consider the psychological impact of a hack attack on employees and customers, especially if it involves a violation of emails or personally identifiable information.
http://www.computerworld.com/article/2887363/you-ve-been-hacked-now-what.html?phint=newt=computerworld_data_management&phint=idg_eid=2bb689d07643a520469baa93e05ca014#tk.CTWNLE_nlt_datamgmt_2015-02-25
