Data Breach Management
There is a generally lax approach to cybersecurity in the Southern African region, perhaps because most of the stories we hear or read about data breaches happen oceans away, so we are inclined to believe these things do not happen here. However, as a company that works within the digital space, we can tell you that data breaches happen in our backyard as well, and the consequences are real and far worse than some bad press coverage. In a previous post we covered the potential consequences of cybersecurity breaches, such as loss of customer trust, financial implications and reputational damage, so we will not go into that again; instead, we are going to discuss how to effectively manage the aftermath of a data breach if you find yourself in that unfortunate position.
Having proper cybersecurity systems in place is definitely one of the best solutions for prevention, but there is another measure you can take before an incident occurs: preparing for it. Preparing an Incident Response Plan may seem like a waste of resources when you have other core operational matters to attend to, but the risks you are exposed to if a breach occurs and you do not have one in place can make an already bad situation worse. The typical knee-jerk reaction to a breach will likely be panic, and the last thing you need within your organisation is panicking employees who have no idea what they are supposed to do. That is when people make mistakes. Your Incident Response Plan should detail what must be done in the event of a breach and by whom, and employees should be adequately trained in how to execute the plan effectively. Preparing before the need arises will help ensure that the situation is dealt with in an organised manner that will minimise the impact of a breach and allow you to get back to business sooner.
Moving on to the actions you should take post-breach, the first step is containment. Once you have discovered that information has been stolen, it is critical to isolate the relevant systems to prevent further losses. How this is done will depend on the nature of the breach, but it may entail disconnecting systems from the internet, disabling accounts, restricting system access, or changing passwords, among other response measures.
While you implement your response plan and containment measures, however, it is important to ensure that evidence is preserved. The immediate priority is to stop the breach, but it is equally important to be able to identify and analyse later why the breach happened, so that it does not happen again. In your scramble to fix the problem you run the risk of unintentionally destroying key information that could be important for the investigation of the breach, so make sure you take adequate care.
An ounce of prevention is worth a pound of cure, and if prevention falls through you need to be prepared. While Baker Tilly Digital’s main priority for every client is to stop data breaches from happening in the first place, we understand that systems may not always be foolproof, so through our Digital Forensics services we also work with you to make sure you are ready and appropriately resourced to manage the worst-case scenario as well. Being proactive instead of reactive is always the best plan for recovery and success.