Planning For Fast Recovery from a Security Breach
by Tim Keeler, on Feb 25, 2016
With the alarming number of cyber security breaches that have made the news over the last couple of years, there are reasons to be concerned. From the WannaCry virus to the Equifax hack, you definitely want to make sure that you have the proper measures in place in the event that your system is compromised. If your company is unfortunate enough to have suffered a breach, or even a natural disaster, your customers are going to be less confident in, and less trusting of, your ability to safeguard their data. It is possible to have suffered a security breach and not even know it, and the public is very aware of this. It is also possible that a disaster will occur, and you will be required to bring your systems and network up as quickly as possible so that your business can resume its normal operations.
Whether you are facing a security problem or a natural disaster, you need to have certain procedures in place to restore your systems to normal quickly. You also need to ensure that the system is restored in a way that will not further compromise any of your data. It is a fine balancing act, but not an impossible one. While you generally can’t predict an emergency, some early planning will let you get the business restored quickly.
Keep Systems Current
Keeping your systems current should go without saying, but far too many businesses fail to keep their systems and networks properly maintained. Patches and updates are continually pushed back because there isn’t time to do them or because of fear of impacting critical services and revenue. If you take a look, a large percentage of breaches over the last few years were caused by companies neglecting to download and install patches and updates on their systems. If your IT department installs patches and updates, and manages maintenance on a regular basis, you will significantly reduce the odds that your systems will be compromised.
Security breaches are a result of flaws in the system. Patches and updates tend to focus on fixing those flaws and vulnerabilities. By keeping up with maintenance and software (particularly your firewall and security software), you will lower the risk of having to restore your systems.
When looking at a lot of the security breaches over the last five years, there is another recurring pattern: passwords are not properly managed. Employees use the same password for all of their systems, making it very easy for a malicious hacker to gain access to everything in your system once they have a single password. Providing your staff with a reliable password management system will help reduce or eliminate the risks associated with passwords. Your employees are also likely to enjoy it, since it means not having to remember their passwords.
Streamline the Enabling and Disabling of Employee Accounts
It can take a while to give a new employee access to everything that will be needed to get the job done. Some companies take even longer to revoke access for employees after they leave. Not granting employees access quickly can be a waste of money as they sit around waiting to be able to work. However, not revoking access the same day that an employee leaves opens you and your company up to a whole host of unnecessary hazards. Employees who leave should not be able to access their company accounts once they are gone. Even if former employees don’t try to access their accounts, those old accounts remain available for malicious hackers to find and start to use. If you have a list of roles, what employees in those roles can access, and when access is granted or revoked, you will reduce unnecessary risks and save money.
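The role list described above can be checked mechanically against what accounts actually hold. The following is an added example, not part of the original article: the role map, HR roster, account export and the `reconcile` function are all constructed for illustration and assume you can export these three lists from your own systems.

```python
from datetime import date

# Constructed role list: what each role is allowed to access.
ROLE_ACCESS = {
    "accounting": {"erp", "payroll"},
    "it_admin": {"erp", "vpn", "domain_admin"},
    "sales": {"crm"},
}
# Constructed HR roster: role plus last working day (None = still employed).
HR = {
    "alice": {"role": "accounting", "left": None},
    "bob": {"role": "it_admin", "left": date(2016, 2, 1)},
    "carol": {"role": "sales", "left": None},
}
# Constructed account directory export: enabled flag and granted systems.
ACCOUNTS = {
    "alice": {"enabled": True, "access": {"erp", "payroll", "domain_admin"}},
    "bob": {"enabled": True, "access": {"erp", "vpn", "domain_admin"}},
    "carol": {"enabled": True, "access": set()},
    "dave": {"enabled": True, "access": {"crm"}},
}


def reconcile(hr, accounts, role_access, today):
    """Return sorted (user, finding, detail) tuples where access drifts from the role list."""
    findings = []
    for user, acct in accounts.items():
        if not acct["enabled"]:
            continue
        person = hr.get(user)
        if person is None:  # enabled account nobody in HR owns
            findings.append((user, "orphaned", "no HR record"))
            continue
        if person["left"] is not None and person["left"] <= today:
            findings.append((user, "revoke", f"left {person['left'].isoformat()}"))
            continue
        allowed = role_access.get(person["role"], set())
        extra = acct["access"] - allowed    # access beyond the role
        missing = allowed - acct["access"]  # access the role needs but lacks
        if extra:
            findings.append((user, "excess", ",".join(sorted(extra))))
        if missing:
            findings.append((user, "grant", ",".join(sorted(missing))))
    return sorted(findings)


if __name__ == "__main__":
    for finding in reconcile(HR, ACCOUNTS, ROLE_ACCESS, date(2016, 2, 25)):
        print(*finding, sep="\t")
```

Run on a schedule, a report like this covers both failures the section names: new staff waiting on access (`grant`) and departed staff whose accounts are still enabled (`revoke`).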
Establish Privileged Access Management
One of the greatest weapons that malicious hackers have is generic access accounts. These types of accounts, usually called administrator accounts, are established so that multiple users can gain certain types of access to make more advanced changes to the network or systems. The password for these accounts is distributed to the relevant employees, and there is typically no way to track who accessed what following a login. Privileged access management is a great way of both minimizing the kind of access each user has and creating an audit log so that you can see which users accessed and changed parts of the system. You don’t want someone from accounting having the ability to make changes that a member of your IT staff should be making, and vice versa. Yet, that is exactly what administrative accounts do. Privileged access management closes many of the loopholes that malicious hackers look for when they begin attacking companies. Essentially, privileged access management takes a zero-trust approach to managing your data, and that is something you are likely to want if you have ever suffered through a breach and its aftermath.
Hire a Company to Check for Vulnerabilities
This suggestion is another method of prevention, and it is also one that most companies should have. If you have been a victim of a security breach, you can make your customers feel more secure going forward by hiring ethical hackers, that is, hackers who are hired to examine your systems and networks. They can identify vulnerabilities so that you can start to fix them. You can also use their results to plan for recovery if something should happen before you can fix all of the problems. Typically, companies that hire white hat hackers come up with rather extensive lists, and it takes a while before everything is fixed. You will want to repair the most severe problems early, but you will also need to plan for breaches in the areas that you cannot fix immediately. Make sure to get the vulnerabilities prioritized in order of severity so that you can fix the most egregious ones as soon as possible.
Establish Monitoring for Your Data
One way to catch a malicious hacker early is to have constant monitoring of your data. This can be done through logs and data monitoring software. When an odd login occurs or an employee attempts to access an area they shouldn’t, the system will provide notification, and IT can begin to react to potential threats. This may mean shutting the system or network down to manage the problem, but it also means that the breach will be minimized as early as possible.
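The two triggers named above, an odd login and access to an area a user shouldn’t reach, can be expressed as simple rules over an access log. This is an added example, not part of the original article; the log format, the per-user baselines, the business-hours window and the `detect` function are assumptions constructed for illustration.

```python
from datetime import datetime

# Constructed baseline: areas each user may access and networks they normally log in from.
ALLOWED_AREAS = {"alice": {"finance"}, "carol": {"crm"}}
KNOWN_SOURCES = {"alice": {"10.0.1."}, "carol": {"10.0.2."}}
WORK_HOURS = range(7, 20)  # assumed business hours, 07:00-19:59 local time

# Constructed log lines: ISO timestamp, user, action, target, source IP.
SAMPLE_LOG = """\
2016-02-24T09:12:03 alice login - 10.0.1.15
2016-02-24T09:14:40 alice access finance 10.0.1.15
2016-02-24T10:02:11 carol access finance 10.0.2.8
2016-02-25T03:27:55 alice login - 203.0.113.9
2016-02-25T03:29:02 alice access hr 203.0.113.9
"""


def parse(line):
    """Split one log line into typed fields."""
    ts, user, action, target, src = line.split()
    return datetime.fromisoformat(ts), user, action, target, src


def detect(log_text):
    """Return (timestamp, user, reason) alerts for odd logins and out-of-role access."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, action, target, src = parse(line)
        stamp = ts.isoformat()
        if action == "login":
            prefixes = KNOWN_SOURCES.get(user, set())
            if not any(src.startswith(p) for p in prefixes):
                alerts.append((stamp, user, f"login from unfamiliar source {src}"))
            if ts.hour not in WORK_HOURS:
                alerts.append((stamp, user, "login outside business hours"))
        elif action == "access" and target not in ALLOWED_AREAS.get(user, set()):
            alerts.append((stamp, user, f"access to unauthorized area {target}"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert, sep=" | ")
```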
Create a Recovery Plan
Too often companies do not have a plan in place that will help them restore the system following a breach or disaster. Having a recovery plan is not just a best practice; it can also help restore customer confidence in your company. There are a number of events that can trigger the recovery of information, but typically the steps will be the same regardless of what triggers the need for recovery.
You should also conduct tests to make sure that the recovery process takes the many working parts of the company into account. Your IT needs span a broad spectrum, and you need to know that if there is a breach, you can minimize what data is accessed. That requires you to know how the different systems are linked and to have walls between those systems and applications to keep unauthorized personnel from accessing areas where they don’t belong. Testing the recovery plan will take some time, but it will ensure you don’t miss critical steps. You are also more likely to identify areas where you can make cybersecurity more robust.
Communicate with Your Customers
You should have a communication plan in place in the event that there is a security breach. One of the greatest areas of concern and frustration following most of the security breaches over the last two or three years is that companies do not provide enough information for customers to understand the extent of the breach. Waiting a few weeks or a few months to inform customers after you realize there has been a breach will damage your reputation and their faith in your abilities. You want to establish a plan for how to communicate the extent of the problem and exactly what steps you are taking to minimize any future damage because of the breach.
Regaining your customers’ trust, as well as overcoming negative press generated by a breach, will be essential. The more forthcoming you are, the more likely customers will be to give you a second chance. If they feel like you are trying to hide things, or become frustrated at not knowing what information was compromised, you will quickly start to lose customers. It all comes down to brand integrity. Whatever measures you implement, being transparent is one way of earning or re-establishing trust.