You’ve worried about it for a long time, and now it’s happened: your data (e.g. client contact info, credit card numbers, employee social security numbers) has somehow jumped the firewall. Your first instinct is to panic, but then you remember that you’ve got a plan in place to deal with this. (You do have a plan, don’t you? If not, read this post on how to do it.)
Once you’ve discovered the breach, your actions in the first day will greatly affect how effective your efforts are to contain the damage. Imagine a team of firefighters flying down the pole and leaping into their trucks. (You probably don’t have a pole, but you should have that sense of urgency.)
Start by alerting everybody on your response team, including outside resources. You’ll want to cordon off the area where the breach occurred, just to keep things from getting any worse, and to preserve evidence in case there are legal repercussions.
Take the affected machines offline and replace them with clean ones. (Keep the affected machines on and ready for inspection by your IT team.) Interview whoever discovered the breach, as well as anybody else who might know how it happened. Talk to your legal counsel and, if advised to do so, contact law enforcement.
With those responses launched, you can move to the next phase, in which you can more closely inspect the issues that caused the breach and begin notifying affected parties.
As you deal with the situation, be sure to document the process. Having a record of your response helps in a number of ways. First, it can aid your legal team in case there is litigation. In addition, it can help you improve your response plan in light of the experience you gained in the heat of the incident.
The greater effort you put into notifying affected parties, the better off you’ll be. Notification is required by law in North Carolina, and in many other states. Your attorneys can guide you as to methods and timing. Usually, a notification must be written in language understandable to non-technical people; it must offer a phone number and web page with information for those who want to know more; and offer advice on how affected individuals can regain their security.
If your company is in the healthcare industry (and therefore bound by HIPAA regulations), your response to a breach is even more consequential than it is for other businesses. The rules surrounding Protected Health Information (PHI) were recently strengthened. Now, healthcare providers can be liable even if a leak of PHI would not significantly harm the affected individuals. So having a robust plan and executing it skillfully is essential to protecting your firm from disastrous liability.
We hope you’re not reading this post in the anxiety-ridden aftermath of a breach. Our fondest wish is that you were just interested in the topic, and that in the course of reading the post you have decided that it’s time to conduct an audit of your plan, or get a plan in the first place. Of course our Valdosta managed service provider team we can help you with either of those activities, but regardless, it’s something you should really do today. We don’t like sounding like scolds, but you may someday be glad you heard us.
Forty-three percent of attacks are aimed at SMBs, but only 14% are prepared to defend themselves (Accenture).
The internal team was energized. With the Level 1 work off its plate, the team turned its attention to the work that fueled company growth and gave them job satisfaction.
40% of businesses will incorporate the anywhere operations model to accommodate the physical and digital experiences of both customers and employees (Techvera).
It takes an average of 287 days for security teams to identify and contain a data breach, according to the “Cost of a Data Breach 2021” report released by IBM and Ponemon Institute.
The average cost of a data breach in the United States is $8.64 million, which is the highest in the world, while the most expensive sector for data breach costs is the healthcare industry, with an average of $7.13 million (IBM).
More than 33 billion records will be stolen by cybercriminals by 2023, an increase of 175% from 2018.
The cost of cybercrime is predicted to hit $10.5 trillion by 2025, according to the latest version of the Cisco/Cybersecurity Ventures “2022 Cybersecurity Almanac.”.
The three sectors with the biggest spending on cybersecurity are banking, manufacturing, and the central/federal government, accounting for 30% of overall spending (IDC).
We did a proof of concept that met every requirement that our customer might have. In fact, we saw a substantial improvement.
We did everything that we needed to do, financially speaking. We got our invoices out to customers, we deposited checks, all the things we needed to do to keep our business running, and our customers had no idea about the tragedy. It didn’t impact them at all.
“We believe our success is due to the strength of our team, the breadth of our services, our flexibility in responding to clients, and our focus on strategic support.”