4 Steps to Take After a Security Breach

Security should be a priority for businesses of all sizes. Attackers care more about finding security loopholes than about the size of the business. Most small to mid-sized businesses (SMBs) do not make security as much of a priority as larger, enterprise-level companies do, which makes SMBs an ideal target. A total of 60% of all online attacks in 2014 targeted small and midsize businesses, according to Timothy C. Francis, enterprise leader of Cyber Insurance at Travelers. The fewer hurdles an attacker has to clear, the better for them. Many owners believe that proper security is too costly and that they are too small to be hacked, and therefore that the risk is limited.

SMBs do not tend to make headlines when a breach occurs the way larger companies such as LinkedIn, Target Stores, Anthem and, let's not forget, Ashley Madison have. The media only cares about big businesses, but attackers do not discriminate. So what constitutes a data breach? TechTarget defines a data breach as "an incident in which sensitive, protected, confidential data has potentially been viewed, stolen, or used by an individual unauthorized to do so. Data breaches may involve payment card information (PCI), personal health information (PHI), personally identifiable information (PII), trade secrets, or intellectual property." According to the Identity Theft Resource Center, there had already been 687 reported breaches as of September 20, 2016, exposing 28,795,464 records. No business or person is immune.

A data breach can come in many forms, from a physical break-in to the simple act of opening a malicious email attachment. Security matters to every business because it protects company data and the infrastructure as a whole. For an SMB, the damage can be the demise of the business. According to the 11th Annual Cost of Data Breach Study conducted by the Ponemon Institute, the average total cost of a data breach grew from $3.8 million to $4 million, and the average cost for each lost or stolen record containing sensitive information increased from $154 to $158. Even if you survive the cost and get your business back up and running, how do you repair a damaged reputation?

My Systems Have Been Compromised, Now What Do I Do?

Work collaboratively with your IT Managed Services Provider (MSP) and/or your internal IT staff to establish next steps by putting an action plan in place. It is important to determine immediately the root cause of what occurred, which files and systems were compromised, and where the security holes exist in your environment. Preserve logs and disk images before systems are rebuilt; they are needed both for that root-cause analysis and for any regulatory or law-enforcement follow-up. It is then vital that they fix the problem, test the solution and get your systems back up and running. Below are 4 key steps to take after a security breach.

Communicate, Communicate, Communicate

Once an incident occurs, communication both internally and externally is vital. Employees must alert the appropriate staff if they clicked on a suspicious email or attachment that could have compromised your systems. Have you heard of ransomware or phishing attacks?

Ransomware

A number of SMBs are hit by malware, which takes many forms; the most widely known today is ransomware. Ransomware takes over your systems and files: when it hits, it encrypts your data and locks you out. Once everything is locked down, the criminals demand payment in a cryptocurrency such as Bitcoin, usually with a deadline of, say, 24 hours. Ransomware comes in multiple families, including but not limited to CryptoLocker and "Locky."

Phishing Schemes

Spear phishing is a scam in which you are the target. It is an email that appears to come from a business or a person you know, but in reality it is malicious and seeks to obtain sensitive information (bank account numbers, passwords, financial information, etc.). Whaling uses email sent from spoofed or similar-sounding domain names to make it appear as though the message came from a senior executive of the victim's company, typically to pressure an employee into a wire transfer or the release of confidential data. There are many ways in which systems can be attacked, some of which we are not yet aware of today.
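The "spoofed or similar-sounding domain" trick described above can be caught mechanically on the way in. The following is an added example, not code from the original article or from The TNS Group, that scores an incoming message's From and Reply-To headers against the company's own domain: it flags homoglyph swaps (examp1e.com), one-character typo-squats, "example-corp.co"-style extensions, an executive's display name used with an outside address, and a Reply-To that diverts replies elsewhere. The company domain example.com, the executive name "Jane Doe" and the sample messages are all constructed placeholders.

```python
"""Flag whaling-style sender spoofing: lookalike domains, borrowed executive
names and mismatched Reply-To headers.

Added example, not code from the original article. COMPANY_DOMAIN,
EXECUTIVE_NAMES and the SAMPLES messages are constructed placeholders.
"""
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"      # assumption: the company's real mail domain
EXECUTIVE_NAMES = {"jane doe"}      # assumption: names a whaling mail would borrow

# Character swaps attackers use so a fake domain reads like the real one.
# Crude on purpose: "rn" -> "m" will also rewrite legitimate names like "modern".
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def registrable(domain: str) -> str:
    """mail.example.com -> example.com (naive: no public-suffix list)."""
    return ".".join(domain.lower().strip().split(".")[-2:])


def normalize(domain: str) -> str:
    """Undo homoglyph tricks so examp1e.com compares equal to example.com."""
    d = domain.lower().strip()
    for fake, real in HOMOGLYPHS:
        d = d.replace(fake, real)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; 1 means a single added, dropped or swapped character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(domain: str) -> str:
    """Return 'trusted', 'lookalike' or 'external' for a sender domain."""
    reg = registrable(domain)
    if reg == COMPANY_DOMAIN:
        return "trusted"
    if normalize(reg) == COMPANY_DOMAIN:
        return "lookalike"                          # homoglyph swap
    company_label = COMPANY_DOMAIN.rsplit(".", 1)[0]
    label = registrable(normalize(reg)).rsplit(".", 1)[0]
    if edit_distance(label, company_label) <= 1 or company_label in label:
        return "lookalike"                          # typo-squat or example-corp.co style
    return "external"


def classify_message(raw: str) -> dict:
    """Inspect From and Reply-To of one RFC 822 message; suspicious if any rule fires."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2]
    reasons = []
    if classify_domain(from_domain) == "lookalike":
        reasons.append(f"From domain {from_domain!r} resembles {COMPANY_DOMAIN!r}")
    if name.strip().lower() in EXECUTIVE_NAMES and classify_domain(from_domain) != "trusted":
        reasons.append(f"display name {name!r} used with non-company address {addr!r}")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply.rpartition("@")[2]
    if (reply_domain and registrable(reply_domain) != registrable(from_domain)
            and classify_domain(reply_domain) != "trusted"):
        reasons.append(f"Reply-To {reply!r} diverts replies away from {addr!r}")
    return {"from": addr, "suspicious": bool(reasons), "reasons": reasons}


# Constructed sample headers (not real mail).
SAMPLES = {
    "legit": "From: Jane Doe <jane.doe@example.com>\nSubject: Q3 numbers\n\nbody",
    "homoglyph": "From: Jane Doe <jane.doe@examp1e.com>\nSubject: Urgent wire\n\nbody",
    "display_name": 'From: "Jane Doe" <ceo.office@gmail.com>\nSubject: Are you at your desk?\n\nbody',
    "vendor": "From: Billing <billing@vendor-corp.com>\nSubject: Invoice 1042\n\nbody",
    "reply_to": "From: Jane Doe <jane.doe@example.com>\nReply-To: jane.doe@example-corp.co\n"
                "Subject: Gift cards\n\nbody",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        result = classify_message(raw)
        print(f"{label:13} suspicious={result['suspicious']!s:5} {'; '.join(result['reasons'])}")
```

Run as-is it prints one line per sample; only the legitimate message and the ordinary vendor invoice come back clean. The check is deliberately simple and will produce false positives (the homoglyph table rewrites "rn" in genuine domain names, and the two-label registrable-domain rule mishandles suffixes such as .co.uk), so in production it belongs behind a mail gateway as a warning banner or quarantine rule, alongside SPF, DKIM and DMARC enforcement, rather than as the sole decision.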

In addition, if a breach occurs, your clients and customers must be made aware immediately, as their data may also have been compromised. It is important to tell your clients what occurred, how it is being rectified and how it affects them, if at all.

Up your Bet in Security

There are people and groups out there who make it their mission to "beat the system." These cyber criminals are actively looking for new ways to bypass the protections around sensitive data. They are a threat to your company and your employees, and you must make it as challenging as possible for them to break in.

Security needs to be a priority. It is understood that you may have suffered a loss in your recent breach and may not have the capital to make a large investment in security. Even so, a properly configured firewall, anti-virus/anti-malware software and encryption are the front line of defense. If you purchased your firewall at Best Buy, it is time to upgrade to a business-grade device. Software must be kept up to date, passwords must be changed regularly, and any credential that may have been exposed in the breach must be reset right away.

Establish and Implement New Internal Policies

Employees must be educated on the current "hacking" trends that are affecting businesses today so they know what to look for. These include the ransomware and phishing schemes mentioned above. They must understand how important it is to protect their personal information and company data, especially in the age of "Bring Your Own Device" (BYOD). If a device is lost or compromised, employees must report the incident immediately, because failing to do so puts everyone involved at risk. Mobile Device Management (MDM) solutions can remotely "wipe" a lost or stolen device on demand so your information is not left in the wrong hands.

Know Your Regulatory Requirements

Does your company need to adhere to PCI DSS or HIPAA compliance requirements? If you experienced a breach, you must know what those regulations require when one occurs. Depending on the data involved and the state you operate in, you may be required to notify the state as well as your clients about the nature of the breach, often within a fixed deadline. Once your clients are alerted, it is best practice to set up a direct line of communication to your organization so their questions and concerns can be addressed.

If you have not experienced a security breach, it may only be a matter of time.  All businesses are at risk, and you must be prepared to come back from a breach.  If you are concerned about the security of your organization contact The TNS Group today and give any hacker a run for their money.

By:  Peter Fochi, Engineering, The TNS Group