What to Do Before (And After) a Data Breach

One of the biggest myths out there related to cybersecurity is that criminals only go after the big enterprises. Why should they care about your small operation, anyway? In reality, cybercriminals love to attack small businesses to take advantage of their weaker security infrastructures. If you’re not careful, this could lead to serious losses for your business stemming from a loss of trust, legal fees, and operational downtime.

Today, we’re going over what you should do before a data breach, as well as what to do afterward, so you can be as prepared as possible for cyberattacks.

What to Do Before a Data Breach

Develop an Incident Response Plan

If you want to be ready for a cyberattack, it starts by building a plan. You need to build an Incident Response Plan (IRP), a physical or digital document that details what happens in the event of a data breach. This includes resources beyond IT, including your legal counsel, any insurance providers, and your head of communications. With all this at your fingertips, you should be able to execute your plan in a second, should anything bad occur.

Implement the 3-2-1 Backup Rule

On the off-chance your business suffers a data breach, you'll want to have backups and restoration procedures in place. We recommend the 3-2-1 rule, where you maintain three copies of your data, on two different media types, with one off-site copy. Keep in mind this is the bare minimum of what you should accept; we also like to add in having an immutable backup that cannot be edited or changed, just for good measure.

What to Do After a Data Breach

Isolate the Affected Systems

Your first thought, in the event of a data breach, should be to contain the threat. Disconnect the device from the Internet and your physical infrastructure, but do not turn the computer off; experts will need to look at the device to see what the hackers were up to, and turning it off could erase vital evidence. Finally, disable remote access and shut down any VPNs or remote desktop protocols.

Conduct a Forensic Investigation

Now that your systems are isolated, it’s time to root out the cause of the breach and take action. We recommend you work with security professionals, like USA Computer Services, to find out how the attacker got in, like an unpatched software vulnerability or a phished password. If you work with us, we’ll also look for which specific files were accessed or exported, as well as how long the hacker was present on your systems and which accounts have been compromised.

Practice Transparency In Your Communication Strategy

A data breach is devastating in its own right, but it can be just as bad for your reputation if you try to cover it up. You need to effectively communicate to your clients and customers that you are not a liability due to your security breach. We recommend you follow a simple framework in your client-facing communication: start with what happened, explain what you are doing to address it, and what your clients should do in their own response.

Reset All Credentials Across the Organization

If a hacker makes it into your infrastructure, they’ll likely try to use a backdoor to break in again. Use the “nuclear” password option and force password changes across the organization, and be sure to log everyone out of all accounts and devices globally. Furthermore, enable multi-factor authentication for all accounts to prevent a secondary breach.

Is your business adequately protected from and prepared for a cyberattack? USA Computer Services can help you develop the appropriate response strategy, but hopefully it doesn’t come to that. Learn more today about how to minimize your risk by calling us at (704) 665-1619.