Digital security and cybersecurity are an ongoing process. Every day there are changes to the way you do business, as well as to the way outside forces are attacking you. A system that was as secure as a bank vault six months ago could now be wide open. This is the nature of cybersecurity, technology and human nature, and as an organisation you need to keep it in mind.
What can you do to protect yourself?
There are a number of things that you can do to make sure that your systems are as safe and secure as possible.
Check your business web site and network regularly. This should be done at least twice a year. What you are looking for is changes to the web site and network components, and you need to make sure that those changes were made by authorised people. Organisations with eCommerce sites have the added responsibility of protecting their clients' and customers' personal and financial information. Make sure that users only have access to the components of the business that they need for their job. Also make sure that you have a process in place for adding and removing users as they come and go through the organisation.
Patch your software and hardware components regularly, at least once a month. If you have deployed Microsoft products, this is done regularly through updates. Because that is happening, make sure you also check your other operating systems and hardware.
Teach your staff. Normally your first line of defence is your staff, not only because they see things but mainly because they see changes to the systems they are using. Comments like "my computer is really slow today" can be a major sign that there is a problem. Regular training and education can also hone this to a fine edge.
Check logs regularly (you have turned on your logs, haven't you?). They can show you that something is happening within your environment. This should be done daily if possible. An intrusion detection system can also help in determining whether you are under attack.
What you can do after you have been breached
You have done everything correctly but you have still been compromised. What do you do now?
In the words of Douglas Adams – don’t panic
In most organisations this is NOT the time to panic. Cool heads and your business processes should work through the situation and determine what has been accessed, how much of an impact the compromise is going to have on both your business and your clients, and finally how much information has been copied or removed, and by whom.
Read the logs
Your audit trail will help determine what has been compromised and what has been stolen. The logs will also tell you how the attackers gained access and what information has been compromised. You can use this information for reporting, as well as for deciding which security components need to be strengthened.
Patch the vulnerability – ASAP
If the attackers have gained access through an exploit, remove it by either patching the hole or replacing the component that was used to get in. If your attacker has come in through something that has not been done before, then also talk to the manufacturer or report it to the software creator. Get a fix for the problem somehow.
Inform the required authorities
When your system is breached there is no use in trying to hide it from the authorities. If a breach is not reported and the authorities find out about it from other sources, then there are two problems: you could start to lose your customers, and you will have a major investigation on your hands while the authorities pick over your business. Invariably when this happens there is also adverse press to worry about.
Check if the breach is covered under your insurance
In some situations you may be lucky enough to have the breach covered under your insurance policy. The insurer will require you to justify the breach. If you have all of the correct procedures and policies in place, you can prove that you have done your due diligence and protected the business as well as can be.
No matter what size your organisation is, a security breach can be a frightening occurrence, but it need not be business or career ending. What you do after a security breach will define your organisation. It will show how resilient your business is to attack and how you have coped with the situation.