Oh crap! This time they got in.

Digital and cybersecurity is an ongoing process.   Every day there are changes to the way that you do business as well as the way the forces outside are attacking you.   A system that was secure like a bank vault, six months ago, could now be wide open.   This is the nature of cyber security, technology and human nature and as an organisation you need to keep this in mind.

What can you do to protect yourself?

There are a number of things that you can do to make sure that your systems are as safe and secure as possible.

 Check

A regular check on your business web site and network needs to be carried out regularly.   This should be done at least twice a year.   What you are looking for is changes in the web site, network components and making sure that those changes have been done by authorised people.   Organisations with eCommerce sites have the added responsibility of protecting their client and customers personal and financial information.   Make sure that all users only have access to components of the business that they need to have access to for their job.   Also make sure that you have a process in place for removing and adding users as they come and go through the organisation.

 Patch

Patch your software and hardware components regularly.   You need to do this regularly, at least once a month.   If you have deployed Microsoft products then this is done regularly through updates.   Because this is happening make sure you also check other operating systems and hardware.

 Educate

Teach your staff.   Normally your first line of defence is your staff, not only because they see things but mainly because they see changes to the systems they are using.   Comments like ” my computer is really slow today” can be a major sign that there is a problem.   Regular training and education can also hone this to a fine edge.

 Audit

Check logs regularly, – you have turned on your logs, haven’t you?- this can show you that something is happening within your environment.   This should be done daily if possible.   An intrusion detection system can also help in defining if you are under attack.

 What you can now do after you have been breached.

You have done everything correct but you have still been compromised.   What do you do now

In the words of Douglas Adams – don’t panic

In most organisations this is NOT the time to panic.   Cool heads and your business processes should work through the situation and define what has been accessed, how much of an impact the compromise is going to have on both your business and your clients and finally how much information has been copied or removed and by whom.

Read the logs

Your audit track will help define what has been compromised and what has been stolen.   The logs will also tell you how they gained access and what information has been compromised.    you can use this information for reporting as well as defining what security components needs to be increased.

Patch the vulnerability – ASAP

If the attackers have gained access through an exploit.  Remove it by either patching the hole or replace the way it has been accessed.   If your attacker has come in through something that has not been done before then also talk to the manufacturer or report it to the software creator.   Get a fix for the problem somehow.

Inform the required authorities.

When your system is breached their is no use in trying to hide it from the authorities.   If a breach is not reported and the authorities find out about it from other sources then there’s 2 problems – you could start to loose your customers and you will have a major investigation on your hands while the authorities pick over your business.   Invariably when this happens there is also adverse press to worry about as well.

Check if the breach is covered under your insurance.

In some situations you maybe lucky enough to have the breach covered under your insurance policy.   The insurance holder will require you to justify the breach.  If you have all of the correct procedures and policies in place you can prove that you have done your due diligence and protected the business as well as can be.

No matter what size your organisation is a security breach can be a frightening occurrence but it need not be business or career ending.   What you do after a security breach will define your organisation.   It will show how resilient your business is to attack and how you have coped with the situation.

Related Information

Roger Smith

View posts by Roger Smith

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.