With hacking becoming a commonplace event, protecting virtual assets has increasingly become a problem for businesses. If you have sensitive data, like passwords and credit card numbers on your systems, you need protection in place to keep the wrong people from getting their hands on those things. There’s a lot you can do to keep from being hacked and we’ve talked about how to protect yourself in the past, but let’s say you’ve already been hacked. What do you do? How do you react? How do you recover?
Corey Nachreiner, Director of Security Strategy for WatchGuard Technologies, recommends the following nine-step process for companies that have discovered a network breach:
- Forensic examination of breach – Understand the breach details to learn how to clean up and protect yourself.
- Report to authorities, depending on losses – If the security breach was more than just an average malware infection and sensitive data was stolen, it should be reported to authorities.
- Patch the discovered holes – Plug the initial hole where hackers got into the network, and fix any other weaknesses you found.
- Recover from backups – If systems were infected, a business will need to recover the systems from a backup. Remember, maintaining good backups for business continuity and disaster recovery is a very important part of a good information security strategy.
- Change all passwords – Depending on what systems or networks the attackers accessed, it is possible they could have stolen important passwords. Always force your users to reset all passwords after a major compromise.
- Communicate the breach – The proper internal parties need to be informed of the breach, and you may be required by law to inform your customers of the breach if customer data was stolen.
- Run an audit – Run a full network security audit (either using automated auditing tools, or a professional third party penetration tester) to identify any other problems.
- Update software patches – As simple as it sounds, patching is the best defense against a wide range of attacks. Check the patch level of all your organization's devices and software, and get them all up to date.
- Install missing security and visibility controls – There are many layers of security that network administrators often forget, that can help protect networks from today’s blended threats. A legacy firewall alone is not enough. Businesses also need IPS, AV, application control, reputation services, and many other layers of defense. Take this opportunity to beef up security controls.
If you can help it, don’t let it come to this. Educate yourself, your employees and your users about phishing, malware and viruses, and how to avoid them. Install the software that detects these parasites.
Have you ever had a security breach? How did you deal with it? Let us know in the comments!