Embed Size (px)
Citation preview
Data breach response checklist 1
Data BreachResponse Checklist
Suite 1, Level 316 - 18 Wentworth StreetParramatta NSW 2150
Tel 1300 797 888
www.empowerit.com.au
Data breach response checklist 2
A step-by-step guide to responding to a data breach
No matter how strong a company’s defenses are, there’s always a risk of a data breach. It can be caused by hackers, malicious insiders, or careless employees, but don’t panic. You can soften the blow of a data breach with a well-thought-out incident response plan.
What is an incident response plan?An incident response plan enables organisations to respond quickly if sensitive data was accessed, modified, stolen, or copied by unauthorised individuals. It’s vital for minimising the financial, reputational, and emotional harm to both companies and their clients.
When creating an incident response plan, you should appoint a response team comprised of IT, legal, and risk management personnel, and establish their roles during the crisis. You must also define what constitutes as a breach to help staff recognise one and establish a clear action plan that includes five important steps:
1. Identify the breach
2. Contain the threat
3. Analyse the attack and recover
4. Notify regulators and affected parties
5. Evaluate your response
For more information on our managed IT services and solutions, go to: www.empowerit.com.au
Data breach response checklist 3
Identify the breach 4.
Contain the threat 5.
Analyse the attack and recover 6.
Notify regulators and affected parties 7.
Evaluate your response 8.
End-to-end solutions 9.
Table of contents
Data breach response checklist 4
The first thing you should do is confirm whether a data breach has actually occurred. Signs of a breach can range from subtle to obvious depending on the cyberattack. If hackers use ransomware, for instance, your files will be encrypted and a ransom note will be displayed on your screen. However, if they use covert spyware programs, there may be no obvious signs of a breach other than unusually slow computer performance.
Other signs you should watch out for include unexpected software installs, website redirects, login issues, unusual network activity, and critical file changes. You should also conduct a comprehensive security assessment and a full system scan with anti-malware software to be sure.
1. Identify the breach
Data breach response checklist 5
2. Contain the threat
If you discover a breach, it’s important to take swift action to prevent further damage. Here’s what you should do:
Disable your network to limit the spread of self-propagating worms and ransomware
Disconnect affected devices and wait for security experts to arrive
Use backup workstations and servers if possible
Advise your staff to update their passwords
Re-assess access privileges for each employee
Keep activity logs from the time of the breach for forensic analysis
Data breach response checklist 6
3. Analyse the attack and recover
Analysing the attack can help your company understand the severity of the data breach and learn how to prevent hackers from using the same strategy again. This involves finding out the origins of the attack, what information was compromised, the potential risk to affected individuals, and if there are patches and fixes you forgot to apply. You’ll have to consult with security experts in this phase.
Then, you need to repair your systems. Follow these steps to get your business back on its feet:
Remove any detected malware with anti-malware programs.
Use approved decryption software to crack certain types of ransomware.
Install the latest firmware, software, and security patches.
Wipe affected files and restore clean copies of your data with cloud backups.
Data breach response checklist 7
4. Notify regulators and affected parties
According to the Notifiable Data Breach scheme, every organisation that manages personally identifiable information is required to report data breaches to the Office of the Australian Information Commissioner (OAIC) and affected entities. Failure to comply with these regulations can lead to fines of up to $1.8 million, not to mention the potential backlash from existing customers. To avoid costly penalties, make sure you:
Notify the OAIC as soon as possible
Create a communication strategy detailing what response staff are supposed to say to customers and stakeholders after a breach
Send emails that explain what data was compromised, how the breach occurred, what actions you’ve taken to fix the issue, and what clients should do
Set up an FAQ page so affected parties can learn more about the incident
Draft a prompt press statement about the mistakes that led to the breach
Data breach response checklist 8
5. Evaluate your response
When an incident has been resolved, it’s important to review how well your company managed the crisis, evaluate your backup solutions, and identify areas for improvement. For example, if you noticed that it took a long time for your company to detect a breach, you may need to invest in cutting-edge threat detection tools and 24/7 network monitoring services.
You should also take this time to retrain employees on their incident response roles and provide a quick refresher course on cybersecurity best practices to reduce the chances of future breaches.
Data breach response checklist 9
E N D - T O - E N D S O L U T I O N S
M a n a g e d I T S e r v i c e sManage d I T s er v ice de sk , manage d I T in f ras t r uc t ure ,
manage d I T moni tor ing , manage d b ack up, mobi le
de v ice management
C l o u dPr i va te c loud , c loud mig ra t ion , c loud b ack up, o f f i ce 3 65
for bus ine s s , job management s y s tem
I T S e r v i c e sI T pro je c t s , bus ine s s phone s y s tems , I T p lanning , I T
s y s tems hea l t h che ck , e duc at ion s o lu t ions
T e c h n o l o g yD y namic s 3 65 , SharePoint , O f f i ce3 65 , Power B I
