Knowing What Not to Do Is as Important as What to Do
The Internet is a seemingly endless stream of “how-tos” for almost any topic imaginable. Data breaches included. But rarely does anyone mention what not to do when facing a breach. Yet doing the wrong thing can be just as detrimental to your recovery as not doing the right thing.
So, what shouldn’t you do?
1. Don’t React on Instinct
Suspecting a data breach, many people react quickly, instinct telling them to abort the attack with whatever means available – such as shutting down their computer. This and other impulsive acts may only worsen the damage, depending on the nature of the strike.
Impulsive moves to avoid:
• Powering off computer
• Copying data
• Connecting external devices
• Backing up the system or hard drive
Stop. Think. And first confirm the validity of the breach by contacting your IT department and following your organizations data breach plan. Often times, a glitchy software update or system misconfiguration can elicit a false alarm.
2. Don’t ‘Wing It’
If the breach is confirmed, don’t assume you can improvise or go rogue. You may not have all the facts, such as where the attack originated or the cause (malware, firewall weakness, outdated software, internal violation, etc.). It’s also possible the assault is outside of your organization’s expertise to handle safely and appropriately.
Again, follow your follow company’s incident response plan regarding cyber attacks. These plans should include key responders and contacts. Also consider that you may need to call in third-party experts to resolve the invasion and fallout sufficiently, including cyber forensic specialists, criminal investigative authorities, and legal counsel.
3. Don’t Rush Your Resolution
Ultimately you want to resolve the intrusion and reinstate services as quickly as possible. But you do not want to sacrifice thoroughness for quickness. If something is overlooked in haste, you risk both additional attacks and loss of internal and external trust.
Check and triple-check remedies and safeguards. Once a cyber intruder gets the lay of your network land, it’s often easy for him to come back for another visit. Continue to heavily monitor system activity.
4. Don’t Go Quiet
Silence is not always golden. It’s tempting to keep news of a data breach under wraps for fear of reputation damage and shareholder withdraw. But staying silent can actually cause more damage once word gets out – and it will. Also, don’t ‘hit and run’ by issuing an initial statement about the breach, but then fail to keep interested parties informed of your progress. And this is particularly important for your customers. Do not leave them hanging, wondering if they’re personal information has been hijacked and if their identities are at risks.
Take responsibility. Announce the attack with appropriate transparency. Share with vendors, shareholders, customers, and staff, what has been compromised, when, the steps you took to remedy the infiltration and mitigate damage, and what actions you will put into play to guard against future attacks. And keep them updated on new developments.
5. Don’t Mislead or Exaggerate
Using hyperbolic and misleading language won’t reflect well on your brand. Trying to spin a situation to appear less harmful or to deflect fault can send a message that you’re attempting to hide something - eroding hard-to-recoup trust.
According to Cloud Research Vice President, Mark Nunnikoven, you should deliver messages that are “no-bull, frequent, and which clearly state actions that are being taken and those that need to be taken.”1 Open and honest communications will reflect your sincerity and act as vital bonding element of faith in your brand.
6. Don’t Forgo Employee Education
Malicious actors often go for the weakest link in the network chain…and that’s the employee.
Inform employees of cyber attack methods and train them on how to put cyber security best practices into play to help thwart invasions.
7. Don’t Think You Know It All
Cyber criminals are constantly refining their techniques and finding new ones to infiltrate organizations. Don’t assume your cyber security protocols you had in place a year ago are still relevant to dark actors’ MOs today.
Keep your enterprise appraised of cyber crime trends and modify your security tools and protocols accordingly. Also, assess your risks regularly and frequently. Cyber criminals relentlessly change and modify their tactics.
Formidable cyber security is a perpetual journey. It requires constant attention and effort to stay ahead of the criminals. Understanding what to do and what not to do are equally vital to your resiliency and recovery.
Want to remain resilient and learn more about boosting your cyber security? Assurance Software offers a cyber risk assessment that can evaluate existing business continuity plans, assess your cyber-attack vulnerabilities, test your ability to quickly respond, and recommend action steps to protect your organization. Contact us to learn more.
For more great industry info, check out free whitepaper:
Topics: Cyber Security
Written by Angie Longacre
As a writer for Assurance Software, Angie devotes her craft to promoting business continuity and disaster recovery awareness, and trumpeting Assurance Software’s invaluable benefits for both. When she’s not commanding the keyboard, you can find her outside for a run, searching for her next antique treasure, or lost in a good book.