The unthinkable has happened: there has been a breach of your data networks. What is the proper response in such a situation?
The following paragraphs are inspired by the FTC article "Data Breach Response: A Guide for Business".
Secure Your Operations
Time is of the essence once a security breach has happened. Among the first steps you should take:
Bring in Field Experts
Consider hiring a data forensics team to determine the source and the scope of the breach. Once their analysis is done, they can tell you which steps to take to remedy the situation. Also contact your legal team to find out what is expected of you legally concerning the breach.
Secure Physical Areas
Secure any areas potentially affected by the breach, by locking them or by changing the access codes to these areas.
Stop Additional Data Loss
Take all affected equipment off the network immediately, but do not power machines off before the forensic team has examined them, since volatile evidence (memory contents, running processes, active connections) is lost on shutdown. If possible, replace the affected equipment with clean machines; if not, closely monitor all entry and exit points, especially those involved in the breach. Revoke and reissue the credentials of authorized users (new user IDs and passwords): as long as stolen credentials remain valid, the system stays exposed even after the attacker's tools have been removed.
Fix Vulnerabilities
Service Providers
If the breach occurred on a service provider's side, find out what personal information they hold on your behalf, and verify that the provider is taking the necessary steps to make sure another breach does not occur.
Analysis of the Breach
As mentioned above, it is advisable to hire a team of experts to do a full analysis of the breach. Find out whether measures such as encryption were in place when the breach happened, and whether the keys were exposed as well, since encrypted data offers no protection once the keys are in the attacker's hands. Analyze backup or preserved data. Review logs to determine who had access to the data at the time of the breach, and from where.
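The log review described above, as an added illustration that is not part of the FTC guide or of this article: the script below narrows an access log to the breach window, summarises per account which hosts and resources were touched and from which source addresses, and flags accounts that are not on the list of expected users and logins arriving from outside the organisation. The key=value log format, the sample lines, the account names and the 10.0.0.0/8 "internal" range are all constructed for the example; a real triage would adapt parse_line to the format of the logs actually collected.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample log (not real data). The last line is deliberately
# corrupt: a triage script must count junk records, not crash on them.
SAMPLE_LOG = """\
2024-03-10T01:55:12Z host=db01 user=alice action=login src=10.0.0.5 result=success
2024-03-10T02:03:44Z host=db01 user=alice action=query resource=customers src=10.0.0.5 result=success
2024-03-10T02:14:07Z host=db01 user=svc_backup action=login src=203.0.113.9 result=success
2024-03-10T02:15:30Z host=db01 user=svc_backup action=export resource=customers src=203.0.113.9 result=success
2024-03-10T02:16:02Z host=fs02 user=bob action=login src=10.0.0.7 result=failure
2024-03-10T02:40:11Z host=fs02 user=bob action=login src=10.0.0.7 result=success
2024-03-10T03:30:00Z host=db01 user=alice action=logout src=10.0.0.5 result=success
<<corrupted record 0x7f3a>>
"""

# Assumption for the example: address ranges considered inside the organisation.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_ts(text):
    """Parse the ISO-8601 UTC timestamp the sample log uses; None if malformed."""
    try:
        return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None


def parse_line(line):
    """Return the fields of one record as a dict, or None if it cannot be parsed."""
    parts = line.strip().split(None, 1)
    if len(parts) != 2:
        return None
    ts = parse_ts(parts[0])
    if ts is None:
        return None
    fields = dict(KV_RE.findall(parts[1]))
    if "user" not in fields:
        return None
    fields["ts"] = ts
    return fields


def is_external(addr):
    """True if the source address lies outside every internal range (or is unparseable)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True
    return not any(ip in net for net in INTERNAL_NETS)


def triage(log_text, window_start, window_end, authorized_users):
    """Summarise per-account activity inside [window_start, window_end).

    The window bounds are ISO timestamps in the log's own format; authorized_users
    is the set of accounts expected to hold access during the window.
    """
    start, end = parse_ts(window_start), parse_ts(window_end)
    if start is None or end is None or start >= end:
        raise ValueError("bad breach window")
    per_user = defaultdict(lambda: {"events": 0, "hosts": set(), "resources": set(),
                                    "sources": set(), "failed_logins": 0})
    unparsed = 0
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev is None:
            unparsed += 1          # keep a count so gaps in the evidence are visible
            continue
        if not (start <= ev["ts"] < end):
            continue
        u = per_user[ev["user"]]
        u["events"] += 1
        u["hosts"].add(ev.get("host", "?"))
        u["sources"].add(ev.get("src", "?"))
        if "resource" in ev:
            u["resources"].add(ev["resource"])
        if ev.get("action") == "login" and ev.get("result") == "failure":
            u["failed_logins"] += 1
    users = {}
    for name, u in per_user.items():
        users[name] = {"events": u["events"], "hosts": sorted(u["hosts"]),
                       "resources": sorted(u["resources"]), "sources": sorted(u["sources"]),
                       "external_sources": sorted(s for s in u["sources"] if is_external(s)),
                       "failed_logins": u["failed_logins"]}
    return {"unparsed": unparsed, "users": users,
            "unauthorized": sorted(n for n in users if n not in authorized_users)}


def example_report():
    """Triage the constructed sample for a 02:00-03:00 UTC breach window."""
    return triage(SAMPLE_LOG, "2024-03-10T02:00:00Z", "2024-03-10T03:00:00Z", {"alice", "bob"})


if __name__ == "__main__":
    import json
    print(json.dumps(example_report(), indent=2))
```

On the sample, the report singles out svc_backup: it is not on the list of expected accounts, it logged in from an address outside the internal range, and it exported the customers resource inside the window. Alice's query falls inside the window while her login and logout fall outside, which is exactly why the window bounds should be set from the forensic team's timeline rather than guessed; the unparsed count records that one line of evidence could not be read.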