While the IT industry has answers to most security problems, there is an urgent need to know how to deal with the aftermath of a data breach. Security and legal experts describe the process of surviving a data breach in the steps outlined below:
• Find the problem and fix it: A data breach can only occur because of a flaw in security, so an important first step is to identify that flaw. The affected server(s) should be identified immediately, and a disk image of each should be made to preserve its state; the image should be kept read-only and secured so that the chain of custody holds up in any lawsuit. Finally, a containment strategy should be put in place to stop the compromise spreading from the affected server to others.
• Form a team to deal with the data breach: It is essential to have a task force that can lead the response to the breach and handle communications about its progress after it has been reported to the legal department and other concerned authorities. Because the company needs to present a united front when the breach is revealed, the task force ensures that information about the breach is released through a single, coordinated effort.
• Test the security fix: Once the problem has been resolved, the team prepares countermeasures. Before the breach is reported outside the organization, however, it is essential to confirm that the flaw has actually been fixed. The security team may need to review server logs or run penetration tests until it is certain the breach is closed, and it may also need to investigate whether the cloud infrastructure and other infrastructure are susceptible to the same flaw. A rigorous penetration test is advised to confirm that the fixes serve their purpose and to identify attack vectors that could be used in future.
• Inform outside parties: Once the problem is under control, the task force needs to notify the local authorities as well as the legal and public relations departments; the focus, however, is on resolving the breach first. Certain industries, such as healthcare and finance, must report any data breach within a set period of time, which can be as little as 24 hours depending on state and federal laws.
• Resolve related issues: Companies eventually have to address the long-term implications of the data breach by resolving any related problems within the organization. While a security flaw can be fixed immediately, remediation can take much longer, because it also involves looking for other potential flaws that must be fixed to prevent another attack in future. The remediation plan should be tailored to the incident and should also include employee training and monitoring programs.
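The first step above, preserving a read-only disk image of an affected server and recording who handled it, can be scripted. The following is an added example written for this page, not code from the original text; it assumes a POSIX shell with dd, sha256sum (or shasum) and chmod, and that SRC is the disk device to image (an ordinary file works for a dry run).

```shell
#!/bin/sh
# Added example (not part of the original text): image a suspected-compromised
# disk, make the image read-only, and start a chain-of-custody record.
# Assumes POSIX sh with dd, sha256sum or shasum, and chmod.

sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# preserve_evidence SRC OUTDIR CASE_ID HANDLER
# Writes OUTDIR/CASE_ID.img (mode 0444), OUTDIR/CASE_ID.sha256, dd's own log,
# and appends one line to OUTDIR/custody.log. Returns 0 when the image hash
# matches the source hash, 1 otherwise (read errors, or a file source whose
# size is not a multiple of the block size, since conv=sync pads short reads).
preserve_evidence() {
    src="$1"; outdir="$2"; case_id="$3"; handler="$4"
    img="$outdir/$case_id.img"
    mkdir -p "$outdir"
    # Hash the source first so the copy can be verified against it.
    src_hash=$(sha256_of "$src") || return 1
    # Bit-for-bit copy. conv=noerror,sync keeps going past unreadable sectors
    # and pads them with zeros, so a failing disk still yields a full image
    # with every readable byte at its original offset.
    dd if="$src" of="$img" bs=4096 conv=noerror,sync 2>"$outdir/$case_id.dd.log" || return 1
    img_hash=$(sha256_of "$img")
    # Read-only so later analysis cannot alter the evidence.
    chmod 0444 "$img"
    printf '%s  %s\n' "$img_hash" "$(basename "$img")" > "$outdir/$case_id.sha256"
    # Custody entry: when, which case, who, from where, to where, hash.
    printf '%s|%s|%s|%s|%s|%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "$case_id" "$handler" "$src" "$img" "$img_hash" >> "$outdir/custody.log"
    [ "$src_hash" = "$img_hash" ]
}
```

Each later transfer of the image should append another line to custody.log, and the recorded hash should be re-checked against the image before analysis begins.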
In addition, the security infrastructure should be analyzed continually, with further penetration testing and remediation. Above all, it is critical that the breach is fixed and reported to the authorities quickly.