It seems as though every spy thriller made since Ian Fleming romanticized the Cold War has been about nefarious persons stealing data or hacking into extremely important computer networks to carry out their dastardly deeds. It’s no wonder, either, as cybersecurity has become one of the top security concerns (pun intended) virtually around the globe as multibillion-dollar corporations, organizations and even governments fall prey to malignant hackers. The United States government has even dedicated a whole month to preaching and practicing cybersecurity awareness.
Data breaches and cyber-attacks are more commonplace than ever before, and they aren’t always reported to the public. Even worse, oftentimes they are reported, but years after the fact. Take the data breach that crippled Google+, a bug that affected “an API that was accessed by hundreds of developers… active between 2015 and 2018.” As a result of this breach, Google exposed the personal information of “hundreds of thousands of users of its Google+ social network.” Though sensitive details such as name and email address were exposed, Google maintains that the bug was entirely internal, that there was no evidence to suggest any malignant actor intervention… which is also the reason why we’re only hearing about this for the first time now, in 2018.
As much as we fancy ourselves a fortress of cybersecurity and network fortitude, data breaches happen. Companies and their reputations can be made or broken by how they respond to these data breaches. Keep reading for our guide on how to do it right.
Have a plan for responding to a data breach.
Data breaches can happen to any organization, of any size, in any industry. When it comes to protecting your network and data, be a pessimist. Believe in Murphy’s Law. Have a plan for when the worst (inevitably) happens! Business continuity and disaster recovery isn’t just a component of the IT-verse; there are enough protocols and best practices here to constitute its own independent cog in the infosec machine. Whether you create yours with internal staff or outsource to other firms, see that you start the new year with a foolproof plan for what to do when things go wrong.
Determine the damage.
However you have been made aware of a suspected cyberattack or data breach, the first thing to do is conduct a security audit to determine the damage. Get to know your data breach: what happened and why. What inconsistency or bug in your programming led to this breach, and where did it occur? These are questions that need to be answered in order to fully assess the extent of the damage caused by your data breach. Getting an audit from a certified security firm is the most thorough way to do this.
It’s the oldest phrase in the book: it isn’t the crime, it’s the cover-up. No matter the scale of your data breach, be sure to tell all those who are even slightly affected by it: your employees, your members, your shareholders and everyone in between. Be transparent with them about what happened and your findings from your security audit. Tell them what you are doing to remedy the situation, any action steps they themselves can take to further help, and the safeguards you are putting in place to ensure that it never happens again.
Learn and move on.
Maintain a relationship with your security firm. In fact, keep them on standby. Consider conducting a threat hunt or bringing in a hunt team to do so, to seek out additional internal and external threats to your organization’s data. Use the new insights that came from this data breach, along with your shiny new disaster plan, and move forward with increased experience and integrity.
When it comes to keeping your data safe, data breaches are unavoidable threats that can (and will) happen once or twice. However, with the proper response, they don’t have to mean the end of your organization.