3 steps to take after a security breach
(Last updated on July 3, 2020)
For a long time now, Specops has been advising organizations on how to protect their network and data against common security threats. We’ve covered everything from sophisticated social engineering tactics to the simple phishing email. Along the way, we’ve repeated the importance of a strong password or passphrase, or better yet, additional layers via multi-factor authentication. Yet, despite the effort put into preventing a security breach, many companies still find themselves vulnerable. Not even tech-savvy companies such as Yahoo, Verizon, or eBay are immune. That is why for this blog post we are shifting to a more reactive approach – 3 steps to take after a security breach to minimize further risk:
1. What was the initial security hole that let them in – who, where, when? You will need to investigate the extent of the problem, identify the compromised systems, and implement a containment strategy to prevent it from spreading. Check your logs to compare before and after values on what was changed, where, and when. If there’s any guesswork in your equation, you may be better off hiring a forensic expert to manage the incident.
2. Notify your employees, customers, and stakeholders of the breach. Describe why and how the incident took place, and how it will be prevented in the future. This is also a good time to point the organization to your security policy and other best practices, such as password security, to prevent future incidents. Finally, if you’re in an industry that abides by compliance policies, such as HIPAA, you must follow the appropriate breach notification requirements.
3. While you may have resolved the immediate danger, you are never completely secure in today’s landscape. Documenting everything you did, as well as everything you learned, can help you avoid the same issue in the future. Are there any processes that can be improved to better protect the organization? If so, now may be the time to update your Incident Response Plan.
Security threats are nothing new, but they have become particularly disruptive in the last few years. Although it is easy to get caught up in the chaos, do not lose sight of business continuity. An Incident Response Plan coupled with a Business Continuity Plan can help you stay on track and keep your task force on the same page.