Follow these steps on the road to recovery after a data breach
Cybercrimes are happening at an alarming rate: One in four companies can expect to suffer a cyber-attack, costing an average of more than $7 million for every significant breach in the U.S., according to the Ponemon Institute’s 2017 Cost of Data Breach Study. Small businesses face lower costs – averaging $36,000 to $50,000+ per breach – but many of them can’t afford even that. Last year, ransomware attacks on businesses increased from once every two minutes to once every 40 seconds.
It’s just a matter of time until one of these persistent and increasingly sophisticated hackers slips past even robust cybersecurity measures. With that in mind, a thorough incident response plan is key to helping companies contain breaches quickly and prevent the damage to their reputations from becoming catastrophic.
Loss of market confidence can be devastating to businesses after a cyber-attack: 76 percent of Americans said they would abandon brands after multiple data breaches, according to a 2016 survey by independent marketing research specialist Vanson Bourne. For smaller companies, it may only take one breach to lose a critical mass of customers: 60 percent of businesses suffer losses so great they are forced to close their doors after a successful cyber-attack.
Of course, customer churn isn’t the only consequence companies may face after a breach. New York’s groundbreaking cybersecurity law, 23 NYCRR 500, threatens businesses that report to the state’s Department of Financial Services (DFS) with hefty fines for failing to follow specific guidelines after an attack. Mandates include having a detailed incident response plan in place and evaluating and making necessary changes to that plan after every failed or successful cyber-attack. The law also requires companies to report, within 72 hours, cybersecurity events that have “a reasonable likelihood” of harming any material part of their normal operations.
Taking too long to make critical response decisions can make cyber-attacks worse, but panicked, knee-jerk reactions can also cause significant harm. Following these steps can help your business minimize damage in the unfortunate event of a data breach.
- Assess the situation. Once a breach is confirmed, it’s crucial to quickly identify the root cause of the attack and the extent of the damage. The Federal Trade Commission’s (FTC) Data Breach Response guide suggests assembling a team that includes experts in forensics, law, cybersecurity, IT, operations, human resources, communications, investor relations, and management. Properly implemented audit trails will play an important role in forensic reporting and help you identify vulnerabilities that need to be addressed after the attack. Your initial investigation should target: when the attack took place, what type of attack occurred, what records were affected, and who the victims are. Having these facts will help you formulate the best response.
- Block further damage. Companies without best cybersecurity practices in place often do not identify data breaches for at least 200 days after they occur, according to a 2016 Joint Technology Committee report. Unfortunately, such delays are costly – every record that’s lost during an attack costs companies an average of $141, according to the Ponemon report. The FTC guide recommends taking affected equipment offline as soon as a breach is confirmed, but urges companies not to turn the machines off until they have been examined by forensic experts. Other important steps include: separating sensitive data from the network, resetting passwords and credentials impacted by the breach, uninstalling and reinstalling compromised files, disconnecting affected hosts, applying necessary security patches, and removing any files installed by the hack.
- Make sure your backups are up-to-date. After a cyber-attack occurs, there is a good chance you will have to do a restore from your system backups. Now isn’t the time to realize your company has neglected to back up important data. Make sure your staff is doing this regularly so you don’t lose your most recent information.
- Investigate the cybercrime. Try to capture an accurate picture of the server as it was when the attack occurred, in the form of a backup, for example. Check to see if preventive measures like encryption were being used – if not, be sure to enable them to prevent future incidents. Other forensic work could include analyzing backups, checking recent additions to the system, and identifying which users were in the system when the attack occurred.
- Inform your customers right away. Recent headlines are filled with reports of companies whose business plummeted after they failed to handle data breaches properly. Yahoo had to slash its sale price to Verizon by $350 million and was slapped with an enormous class-action lawsuit after it took five months to confirm that 500 million users had their data stolen. Three months later, it disclosed a second breach that had impacted 3 billion users – the largest data breach in history. Learn this lesson from Yahoo’s mistake: if a cybercrime occurs, be honest with the public and do it quickly. Marketing and PR professionals can help you prepare a comprehensive response plan before a breach occurs that is designed to reach all affected audiences – employees, customers, investors, and business partners. Insert current information about what happened, the steps you’re taking to help the victims, and what you will do to better safeguard data in the future. Don’t make misleading statements and don’t omit details that could help consumers protect themselves. Fast, open communication will go a long way toward keeping you ahead of the loss of goodwill that follows a breach.
- Notify the proper authorities. Establish a relationship with your local law enforcement offices before cybercrimes occur. If your local police aren’t equipped for cybercrime investigations, contact the FBI, the Secret Service, or the Department of Homeland Security about cybersecurity incidents. Remember: the sooner an investigation starts, the more effective it will be. You also must stay on top of government regulations about reporting data breaches. New York’s new cybersecurity law mandates that financial companies report incidents within 72 hours to NYS DFS. Federal requirements vary: The Securities and Exchange Commission requires that companies disclose “material” cyber-risks and intrusions to investors. HIPAA mandates that breaches of most electronic health information be reported to the U.S. Department of Health and Human Services and, in some cases, the media. Be sure to communicate to the public that you are working with law enforcement to identify the perpetrator. Not only will it reinforce the idea that you are doing everything you can to prevent future attacks against your company, it shows that you are trying to prevent consumers from being impacted through other businesses as well.
- Take steps to help the victims. Offering to provide credit monitoring services to customers impacted by an attack demonstrates great customer service and can help repair relations. It also weakens legal claims that consumers were harmed by the breach. It’s also a good idea to provide information about what other steps people can take to protect themselves and provide that contact information.
- Don’t lower your guard. Clever hackers can install a “back door” into your system and wait for you to lower your guard after the initial breach. It’s important to continue monitoring affected systems.
- Implement a plan to avoid future attacks. Now is the time to pinpoint and strengthen the vulnerabilities in your system that enabled the data breach. Perform reviews with relevant employees and consider hiring a reputable cybersecurity provider to implement the best cybersecurity practices for your company. Hiring online security experts can lower the cost of data breach recovery by $2.1 million, according to the Ponemon report.
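For the “Investigate the cybercrime” step above, here is an added example (not part of the original article) of identifying which users were in the system and which files were added during the incident window. The sample text in the layout of `last -F`, the time window, and the function names are constructed for illustration.

```python
import os
import re
from datetime import datetime

TS = r"\w{3} (\w{3}\s+\d+ \d\d:\d\d:\d\d \d{4})"
LINE = re.compile(r"^(\S+)\s+(\S+)\s+(?:(\S+)\s+)?" + TS + r"(?:\s+-\s+" + TS + r")?")

def parse_ts(text):
    # `last -F` pads single-digit days with a space; normalise before parsing.
    return datetime.strptime(" ".join(text.split()), "%b %d %H:%M:%S %Y")

def sessions_in_window(last_output, start, end):
    """Return (user, host, login, logout) for sessions overlapping [start, end]."""
    hits = []
    for line in last_output.splitlines():
        m = LINE.match(line)
        if not m or m.group(1) in ("reboot", "wtmp"):
            continue
        login = parse_ts(m.group(4))
        # No logout time means the session was still open: treat it as open-ended.
        logout = parse_ts(m.group(5)) if m.group(5) else datetime.max
        if login <= end and logout >= start:
            hits.append((m.group(1), m.group(3), login, logout))
    return hits

def files_changed_in_window(root, start, end):
    """Return paths under root whose modification time falls inside the window."""
    changed = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            mtime = datetime.fromtimestamp(os.lstat(path).st_mtime)
            if start <= mtime <= end:
                changed.append(path)
    return sorted(changed)

# Constructed sample in the layout printed by `last -F` (not real data).
SAMPLE_LAST = """\
alice    pts/0        203.0.113.7      Mon Mar  5 09:12:44 2018 - Mon Mar  5 11:30:02 2018  (02:17)
bob      pts/1        198.51.100.23    Mon Mar  5 13:05:10 2018 - Mon Mar  5 13:40:00 2018  (00:34)
svc_bak  pts/2        192.0.2.44       Sun Mar  4 22:00:01 2018   still logged in
reboot   system boot  4.15.0-generic   Sun Mar  4 21:58:10 2018   still running
"""
WINDOW = (datetime(2018, 3, 5, 10, 0, 0), datetime(2018, 3, 5, 12, 0, 0))

if __name__ == "__main__":
    for user, host, login, logout in sessions_in_window(SAMPLE_LAST, *WINDOW):
        print(user, host, login, "->", logout)
```

Run checks like these against a backup or forensic copy rather than the live host. File modification times can be altered, so treat the results as leads to corroborate with audit trails.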
“My message for companies that think they haven’t been attacked is: ‘You’re not looking hard enough,’” global cybersecurity expert James Snook recently warned in an interview with Tech City News magazine. In the wake of a data breach, companies must act quickly to secure their systems and fix vulnerabilities that allowed hackers to enter. Having a strong incident response plan in place is the best way to meet the mandates of new cybersecurity regulations, restore customer confidence, and thwart future cybercrimes that threaten your business.
CyberGuard360’s clients across four states and 40 industries are guided safely through the threat landscape. Our wide array of services includes system security suites, risk assessment, education, and training and disaster recovery, and we specialize in helping New York companies comply with 23 NYCRR 500. If you’d like us to put our expertise to work for you, we’d be happy to help. Call us at 844-315-9882 or use our contact form for a free consultation.