Security Incident Cheat Sheet
In case of a data breach, ransomware attack or similar incident, there are some steps to follow.
Step 1
A cyber attack can certainly be classified as a disaster scenario, and a clear mind is needed to navigate to a solution. Once you and your team adopt a problem-solving attitude, you will be able to respond to the breach in a logical and organized way.
The main point is “DON’T PANIC”
Step 2
If a cyber attacker demands a ransom, it may be tempting and easier to pay it to regain control of your network, but it often leads to future attacks, so “DO NOT PAY A RANSOM”.
I would say only pay a ransom if there is no other way to recover your data, but if you don’t have any secured backup, I have no pity for you!
You could also invest in an Endpoint Detection and Response (EDR) solution that can stop ransomware before it is executed.
Step 3
Now it’s time to form a response team: to address any damage caused by the cyber attack, you will need a capable and experienced response team. Your team should be composed of IT staff members, either contracted or in-house, who will investigate the attack and work to resolve it.
HR should be included if your employees have been impacted by the attack. Public Relations representatives should be included to best explain the attack to your customers. Always include legal counsel, since breaches can have a number of legal implications.
Step 4
So let’s see your backup, which is hopefully available and undamaged by the attack (that is why offline backups are often very important). If this is the case, switch to it immediately. The biggest reason this step fails is that testing the data restoration process is often forgotten.
If you don’t have any backup solution, like I wrote, I have no pity for you! Avoid switching off all your servers and workstations, even if it is tempting: this won’t stop or fix the damage.
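The restore test that this step says is so often forgotten can be scripted and run on a schedule. The following is an added example, not code from the cheat sheet's author: it backs up a constructed sample tree into a .tar.gz, records a SHA-256 manifest at backup time, restores the archive into a scratch directory and compares every file against the manifest, then repeats the drill against a deliberately truncated copy of the archive to show what a failed restore looks like. File names, contents and the truncation are all constructed for the demonstration; the archive format and the manifest scheme are assumptions, not anything the page prescribes.

```python
import hashlib
import tarfile
import tempfile
import zlib
from pathlib import Path

# Constructed sample data standing in for the files a backup would protect.
SAMPLE_FILES = {
    "db/customers.csv": b"id,name\n1,alice\n2,bob\n",
    "config/app.ini": b"[app]\nmode=prod\n",
    "docs/readme.txt": b"restore me\n",
}


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def write_sample_tree(root: Path) -> None:
    """Write the constructed files under root."""
    for rel, content in SAMPLE_FILES.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(content)


def create_backup(source: Path, archive: Path) -> dict:
    """Archive every file under source into a .tar.gz and return the
    manifest {relative path: sha256} recorded at backup time."""
    manifest = {}
    with tarfile.open(archive, "w:gz") as tar:
        for path in sorted(source.rglob("*")):
            if path.is_file():
                rel = path.relative_to(source).as_posix()
                manifest[rel] = sha256_bytes(path.read_bytes())
                tar.add(path, arcname=rel)
    return manifest


def verify_restore(archive: Path, manifest: dict) -> list:
    """Restore the archive into a scratch directory and compare the result
    with the manifest. Returns a list of problems; empty means the drill passed."""
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive, "r:gz") as tar:
                # Use the 'data' extraction filter where this Python supports it,
                # so the drill itself cannot write outside the scratch directory.
                kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
                tar.extractall(scratch, **kwargs)
        except (tarfile.TarError, EOFError, OSError, zlib.error) as exc:
            problems.append(f"archive unreadable: {exc}")
            return problems
        restored_root = Path(scratch)
        restored = {
            p.relative_to(restored_root).as_posix(): sha256_bytes(p.read_bytes())
            for p in restored_root.rglob("*") if p.is_file()
        }
        for rel, expected in manifest.items():
            actual = restored.get(rel)
            if actual is None:
                problems.append(f"missing after restore: {rel}")
            elif actual != expected:
                problems.append(f"content mismatch after restore: {rel}")
        for rel in restored:
            if rel not in manifest:
                problems.append(f"unexpected file after restore: {rel}")
    return problems


def run_restore_drill() -> dict:
    """Run the drill against an intact backup and against a truncated copy of it.
    Returns {'intact': [problems], 'truncated': [problems]}."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        source = work / "source"
        write_sample_tree(source)
        archive = work / "backup.tar.gz"
        manifest = create_backup(source, archive)
        results = {"intact": verify_restore(archive, manifest)}
        # Simulate a damaged backup: keep only the first half of the archive bytes.
        damaged = work / "backup-truncated.tar.gz"
        data = archive.read_bytes()
        damaged.write_bytes(data[: len(data) // 2])
        results["truncated"] = verify_restore(damaged, manifest)
    return results


if __name__ == "__main__":
    for name, problems in run_restore_drill().items():
        print(name, "OK" if not problems else problems)
```

The intact archive restores with an empty problem list; the truncated copy reports either an unreadable archive or missing and mismatched files. The point of keeping the manifest separate from the archive is that a backup which "completes" can still be unusable, and only a restore into a clean location followed by a content comparison proves otherwise.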
Step 5
If your organization is hit with a cyber breach, it is imperative that you minimize the number of affected systems. You will need to isolate where the breach occurred and stop it from spreading to other systems. Once the breach has been contained, your response team can test other portions of the network to see if they have been compromised as well.
Step 6
Now it is time to investigate. Upon investigation you may find that the damage affects numerous portions of your organization. HR response team members will need to address any impact on your employees. If your customers or the public were affected, PR staff will need to control the damage done to your reputation. The attack may even have legal ramifications, and as such your business’s lawyers may need to be involved.
Step 7
After all that, you should also contact your clients. The PR members of your response team need to reach out to all clients who have been impacted by the breach as soon as possible. For security purposes, your clients may need to change their passwords and/or PINs if their private information was compromised.
Step 8
As your response team is investigating the attack, ensure that they are documenting both their process and their findings. From this evidence you will be able to ascertain the vulnerability that allowed the attack to succeed and close it going forward.
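A response log is only useful as evidence if it can be shown that nobody quietly edited it afterwards. The following is an added example, not code from the cheat sheet's author: a small append-only incident timeline where every record carries the SHA-256 of the previous record, plus a verifier that recomputes the chain over the exported JSON lines and reports which records no longer match. The actors, actions, findings and timestamps are constructed sample values; using a hash chain for this (rather than, say, signed entries or write-once storage) is an assumption made for the demonstration.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # previous-hash value for the first record
ENTRY_FIELDS = ("timestamp", "actor", "action", "finding")


def _entry_hash(prev_hash: str, entry: dict) -> str:
    """Hash the previous link together with the canonical JSON of this entry."""
    payload = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


class IncidentLog:
    """Append-only timeline; each record stores the hash of the record before it."""

    def __init__(self):
        self.records = []

    def append(self, actor: str, action: str, finding: str = "", timestamp: str = None) -> dict:
        ts = timestamp or datetime.now(timezone.utc).isoformat()
        entry = {"timestamp": ts, "actor": actor, "action": action, "finding": finding}
        prev = self.records[-1]["hash"] if self.records else GENESIS
        record = dict(entry, prev_hash=prev, hash=_entry_hash(prev, entry))
        self.records.append(record)
        return record

    def export(self) -> str:
        """One JSON object per line, suitable for copying to write-once storage."""
        return "\n".join(json.dumps(r, sort_keys=True) for r in self.records) + "\n"


def verify_log(text: str) -> list:
    """Recompute the chain over exported JSON lines.
    Returns the indexes of records whose link or content hash does not verify."""
    broken = []
    prev = GENESIS
    lines = [line for line in text.splitlines() if line.strip()]
    for i, line in enumerate(lines):
        record = json.loads(line)
        entry = {k: record[k] for k in ENTRY_FIELDS}
        if record["prev_hash"] != prev or record["hash"] != _entry_hash(prev, entry):
            broken.append(i)
        prev = record["hash"]
    return broken


def demo() -> dict:
    """Build a constructed three-entry timeline, verify it, then edit one finding
    in the exported text and verify again. Returns both verification results."""
    log = IncidentLog()
    # Constructed sample entries; timestamps are fixed so the demo is reproducible.
    log.append("analyst-1", "isolated host ws-042", "host unreachable from VLAN 10",
               timestamp="2024-01-01T09:00:00+00:00")
    log.append("analyst-2", "collected memory image", "sha256 recorded in evidence locker",
               timestamp="2024-01-01T09:20:00+00:00")
    log.append("analyst-1", "reviewed VPN logs", "login from unknown device at 02:13",
               timestamp="2024-01-01T10:05:00+00:00")
    exported = log.export()

    # Tamper with the second record's finding without recomputing its hash.
    lines = exported.splitlines()
    altered = json.loads(lines[1])
    altered["finding"] = "no evidence collected"
    lines[1] = json.dumps(altered, sort_keys=True)
    tampered = "\n".join(lines) + "\n"

    return {"clean": verify_log(exported), "tampered": verify_log(tampered)}


if __name__ == "__main__":
    print(demo())
```

On the clean export `verify_log` returns an empty list; on the edited export it returns `[1]`, pointing at the altered record. If the editor had also recomputed that record's hash, the next record's `prev_hash` would no longer match and record 2 would be flagged instead, so either way the edit is visible. Exporting the lines to storage the response team cannot rewrite is what turns this from a checksum into evidence.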
Step 9
As a last step, you will surely be looking to prevent future attacks.
If your team is unable to effectively secure your organization’s IT, you may need to partner with an outside cyber security company. Outsourcing your cyber security needs to a Managed Security Services Provider (MSSP) can be cheaper, and they are often more effective than most IT teams.