Cyber breaches are getting more and more common these days. If you are running a business, the chances are that you will be the victim of at least one breach in the lifetime of the business. The likelihood of a breach increases if you work in the financial sector. Finance being the favorite area of all kinds of criminals, cyber or otherwise, the number and frequency of cyber attacks on your business already surpass those of almost all other industries. Given that you are highly likely to get breached, you should have strong incident management and disaster recovery plans. But with all these things in place, what should you do once you discover the breach? Here are the key steps to take when the eventuality happens:
1. Do not panic: Panic is a natural reaction to any incident, but panic reactions cause mistakes and only add to the mayhem. They also do not help in instilling confidence in others about your ability to handle the situation. Now that the incident has occurred, it cannot be undone. The response to the incident needs to be orchestrated. Staying calm and level-headed is essential to responding to the situation in the best possible manner.
2. Initiate the Incident Management/Disaster Recovery Plan: All security certifications, regulations and industry standards require that you have a well-designed and well-documented incident management and disaster recovery plan. You should have rehearsed the plan in simulated situations. Now is the time for real execution of the plan. Follow the drill to ensure no steps are missed and to minimize further damage. Take realistic and rational calls where judgment is needed. Do not bypass any incident management procedure. These plans are designed specifically for the situations where brains may run amok in panic. Trust them.
3. Communicate: When something goes wrong, anyone who is impacted by it wants to know what is happening and what is being done about it. Ensure that key stakeholders get clear communication about what happened, what is being done about it and what they should do. Be clear, transparent and open about the incident. One of the major issues with breaches is the spread of rumors. You must kill the grapevine. Being honest and transparent is the best way to achieve it. Communicate with the following people at the very least:
- Employees: Employees must know their roles and responsibilities and ‘what not to do’ during an incident. If you do not want them to speak to anyone about the incident, tell them why and be honest about it. Remember, they are your greatest asset in tackling this crisis. Trust them and involve them in crisis management.
- Partners: You have data links with your partners such as banks, card partners, credit institutions, and other financial service providers. It is highly likely that they too might get impacted due to this breach. Tell them about your breach so that they can take precautions and corrective actions on their end.
- Clients: It is always wise to inform customers of the breach so that they can be vigilant about suspicious activity on their accounts. If they need to take any action (such as changing their passwords), they should be informed sooner rather than later.
- Regulators: Communicate with government agencies and regulators as they require. Not following the regulations will only increase the legal hassles and losses for you.
4. Switch to backup servers: You should have been maintaining backups. Switch to the last known safe backup. Apply the transactions that are recovered from various sources. Apart from your primary database, transactions should also have been logged in customer communications, partner communications and other logging systems. Be methodical about updating transactions. Try to identify at what point, and at what transaction, the breach occurred. And remember, make a copy of the backup, just in case the recovery fails and you need to start again.
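As an added illustration of this step (example code written for this page, not from the original article), the script below restores a constructed last-known-safe snapshot of account balances, merges transaction records recovered from three independent logging sources (primary database, customer notifications, partner API), deduplicates them by transaction id while flagging conflicting copies, and replays them in order onto a copy of the snapshot, stopping before the transaction identified as the point of compromise. All account ids, amounts and source names are constructed sample data.

```python
"""Restore-and-replay example: last known-good snapshot plus transactions
recovered from several logs.  All data here is constructed for illustration."""
import copy
from dataclasses import dataclass


@dataclass(frozen=True)
class Txn:
    txn_id: str   # constructed transaction identifier
    ts: int       # constructed ordering key (e.g. epoch seconds)
    account: str  # constructed account id
    amount: int   # signed amount in minor units (cents)
    source: str   # which log the record was recovered from


# Constructed last known-safe snapshot of balances, in minor units.
LAST_GOOD_SNAPSHOT = {"acct-1": 10_000, "acct-2": 5_000}

# Constructed records recovered from three independent sources.  The same
# transaction legitimately appears in more than one of them.
PRIMARY_DB_LOG = [
    Txn("t1", 100, "acct-1", -1_500, "primary_db"),
    Txn("t2", 110, "acct-2", +1_500, "primary_db"),
    Txn("t3", 120, "acct-1", -9_000, "primary_db"),  # suspected point of compromise
]
CUSTOMER_COMMS_LOG = [
    Txn("t1", 100, "acct-1", -1_500, "customer_sms"),
    Txn("t2", 110, "acct-2", +1_500, "customer_sms"),
]
PARTNER_COMMS_LOG = [
    Txn("t2", 110, "acct-2", +1_500, "partner_api"),
    Txn("t3", 120, "acct-1", -9_000, "partner_api"),
]


def merge_sources(*logs):
    """Deduplicate recovered records by txn_id across all sources.

    Returns (merged_sorted_by_time, conflicts).  A conflict is a pair of
    records with the same txn_id but differing timestamp, account or amount;
    these need a human decision before replay and must not be applied blindly.
    """
    seen = {}
    conflicts = []
    for log in logs:
        for t in log:
            prior = seen.get(t.txn_id)
            if prior is None:
                seen[t.txn_id] = t
            elif (prior.ts, prior.account, prior.amount) != (t.ts, t.account, t.amount):
                conflicts.append((prior, t))
    merged = sorted(seen.values(), key=lambda t: (t.ts, t.txn_id))
    return merged, conflicts


def replay(snapshot, txns, stop_before=None):
    """Apply txns in order onto a COPY of the snapshot.

    The original snapshot is never mutated, so a failed recovery can be
    restarted from it.  Replay stops before `stop_before`, the transaction
    identified as the first one after the breach.
    Returns (new_state, applied_txn_ids).
    """
    state = copy.deepcopy(snapshot)
    applied = []
    for t in txns:
        if t.txn_id == stop_before:
            break
        state[t.account] = state.get(t.account, 0) + t.amount
        applied.append(t.txn_id)
    return state, applied


def recover(stop_before="t3"):
    """Whole procedure on the constructed data; returns (state, applied, conflicts)."""
    merged, conflicts = merge_sources(PRIMARY_DB_LOG, CUSTOMER_COMMS_LOG, PARTNER_COMMS_LOG)
    if conflicts:
        raise RuntimeError(f"{len(conflicts)} conflicting records need review before replay")
    state, applied = replay(LAST_GOOD_SNAPSHOT, merged, stop_before=stop_before)
    return state, applied, conflicts


if __name__ == "__main__":
    final_state, applied_ids, _ = recover()
    print("applied:", applied_ids)       # ['t1', 't2']
    print("balances:", final_state)      # {'acct-1': 8500, 'acct-2': 6500}
```

The point of `merge_sources` is the "be methodical" advice: every source is consulted, duplicates are collapsed on the transaction id rather than by guesswork, and a record that disagrees between sources is surfaced instead of silently overwritten. `replay` works on a deep copy so the known-safe snapshot itself survives a failed attempt.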
5. Preserve everything: Save everything that happened at the time of the breach: all logs, all events, all database snapshots, all network traffic information and all network connections. This will help the forensic engineers to uncover where and how the breach occurred. It is vital for identifying the culprits and for deciding the precautions that need to be taken in future.
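The following added example (written for this page, not taken from the article) shows the minimum a preservation step should do so that what you hand to forensic engineers is usable: copy each artifact with its metadata intact, compute a SHA-256 digest of the copy and confirm it matches the original, make the copies read-only, and write a signed-off manifest recording who collected what and when. A later verification pass detects any tampering with the preserved copies. The file names, contents and the collector name are constructed sample data; the collection runs in a temporary directory so it can be executed anywhere.

```python
"""Evidence preservation example: copy artifacts, hash them, write a manifest,
and verify the manifest later.  Sample artifacts are constructed inline."""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

MANIFEST_NAME = "MANIFEST.json"


def sha256_file(path, chunk_size=1 << 16):
    """Streaming SHA-256 so large pcaps and dumps do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def preserve_evidence(source_paths, dest_dir, collector):
    """Copy each source into dest_dir, hash it, lock it read-only, write manifest."""
    os.makedirs(dest_dir, exist_ok=True)
    entries = []
    for src in source_paths:
        name = os.path.basename(src)
        dst = os.path.join(dest_dir, name)
        shutil.copy2(src, dst)              # copy2 keeps modification timestamps
        original_hash = sha256_file(src)
        copy_hash = sha256_file(dst)
        if original_hash != copy_hash:      # never trust a copy you did not check
            raise RuntimeError(f"copy of {src} does not match original")
        os.chmod(dst, 0o440)                # read-only: accidental edits now fail
        entries.append({
            "name": name,
            "original_path": os.path.abspath(src),
            "size_bytes": os.path.getsize(dst),
            "sha256": copy_hash,
        })
    manifest = {
        "collected_at_utc": datetime.now(timezone.utc).isoformat(),
        "collector": collector,             # who handled the evidence (chain of custody)
        "files": entries,
    }
    with open(os.path.join(dest_dir, MANIFEST_NAME), "w", encoding="utf-8") as fh:
        json.dump(manifest, fh, indent=2)
    return manifest


def verify_evidence(dest_dir):
    """Recompute every digest in the manifest; True only if all still match."""
    with open(os.path.join(dest_dir, MANIFEST_NAME), encoding="utf-8") as fh:
        manifest = json.load(fh)
    return all(
        os.path.exists(os.path.join(dest_dir, e["name"]))
        and sha256_file(os.path.join(dest_dir, e["name"])) == e["sha256"]
        for e in manifest["files"]
    )


def demo():
    """Run the whole flow on constructed artifacts.

    Returns (manifest, verified_before_tamper, verified_after_tamper).
    """
    workdir = tempfile.mkdtemp(prefix="breach-evidence-")
    # Constructed sample artifacts standing in for real logs, flows and dumps.
    samples = {
        "auth.log": b"2024-01-01T00:00:01Z sshd[1]: Accepted publickey for svc from 10.0.0.5\n",
        "netflow.csv": b"ts,src,dst,bytes\n1704067201,10.0.0.5,10.0.0.9,5120\n",
        "db_snapshot.sql": b"-- constructed snapshot\nINSERT INTO accounts VALUES ('acct-1', 10000);\n",
    }
    sources = []
    for name, data in samples.items():
        path = os.path.join(workdir, name)
        with open(path, "wb") as fh:
            fh.write(data)
        sources.append(path)

    evidence_dir = os.path.join(workdir, "evidence")
    manifest = preserve_evidence(sources, evidence_dir, collector="constructed-responder")
    ok_before = verify_evidence(evidence_dir)

    # Simulate a later accidental or malicious edit of one preserved copy.
    tampered = os.path.join(evidence_dir, "auth.log")
    os.chmod(tampered, 0o640)
    with open(tampered, "ab") as fh:
        fh.write(b"2024-01-01T00:00:02Z edited after collection\n")
    ok_after = verify_evidence(evidence_dir)
    return manifest, ok_before, ok_after


if __name__ == "__main__":
    m, before, after = demo()
    print(json.dumps(m, indent=2))
    print("verified before tamper:", before, "| after tamper:", after)
```

The manifest is what travels with the evidence. In practice you would also record the digest of the manifest itself somewhere the incident team cannot alter (a ticket, a printed log, a write-once bucket) so that the manifest cannot be quietly regenerated.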
Data breaches, intentional or unintentional, are unavoidable even with the best of technologies. Being prepared to handle the crisis is the best thing you can do. Being honest and direct in your communication about the breach not only removes the stress of hiding the information, it also helps your partners to secure themselves while they still have time, and builds your reputation in the process.