Many businesses are well aware of the risks associated with data security and, as such, have invested a great deal to prevent data breaches. However, multi-national companies like Gmail, Target, Facebook and even PayPal have experienced massive security breaches in the recent past. These incidents have proven that a lack of security measures leaves you vulnerable to breaches. And while you may not be able to fully prevent security breaches despite your best efforts, it’s important to have an action plan for after a breach occurs. With that in mind, let’s discuss a few things that you should do if your computer security is breached.
Take your servers offline
Even before assessing the extent of the damage, you should ensure that your servers are shut down or at least offline to prevent any further breach of data. Change the important credentials and, if you can’t take down all servers, shut down the ones that contain the important stuff. If you have to give some of your employees a few days off, then do it until you figure out how large the breach is and what happened.
What is the weakest link?
Regardless of how many identification methods you impose or how strong your IT security is, the weakest link will always be your employees. Tough truth, right? This is tough for many to accept, but consider this – who can tell whether or not your employees will open an attachment or click on links they receive in emails? Downloading malicious documents or installing suspicious software is all it takes for a hacker to access your system. Try to identify where the breach came from, as you can’t really solve a problem without getting to its roots.
Assess the extent of the damage
Keep in mind that an external attack from an outsider may not mean much if you run a cake shop. Things are a whole lot different if you run an online retail shop. Every attack has a different type of impact. As such, you need to consider more than just the technical costs that come with identifying and fixing a breach. The loss of business and productivity should also be taken into account when assessing the extent of damage resulting from a computer security breach.
Remediate the problem
Now that you know the source of the problem and fully understand the extent of the damage, the next step is to fix the issue. While many experts recommend not touching anything until a forensic team has been called in, you may need to get involved if the breach is actively hurting your business. This may mean disconnecting a server or mobile devices from the network. Having trained experts in your Computer Security Incident Response Team helps a great deal when a breach occurs. If you have a small business, however, it’s best to wait for the experts.
While it may not seem important, documenting everything that pertains to a security breach helps build evidence against the perpetrator. External attacks are often documented automatically through security information management tools and log files from firewalls. Everything from an intrusion to steps that were taken to put a stop to the attack is documented. Inside attacks are hard to track unless someone identifies suspicious activity. This is where documenting the behavior of the system, even when not under attack, is important.
Develop a strategy to prevent the next attack
The most important thing is to learn from your mistakes and come up with a plan to combat any future attacks on your computer system. Do you need to upgrade your mobile security solutions? Do you need to involve to