Sunday, October 16, 2011

What to do after a hacker attack

It is the bane of every business. Imagine your technical department has detected suspicious activity on the corporate network. Your customers and employees fall prey to credit card fraud and identity theft. Your company has been hacked and panic ensues. So what to do?

First, take a deep breath and remember you are not alone. Last year, 662 organizations announced data breaches, according to the Identity Theft Resource Center, a not-for-profit. The figure includes both theft and accidents in the physical world and cyber attacks.

Remember that an attack need not be a crippling experience for the company. Although the business is likely to suffer a financial setback, the impact will be temporary if the incident is handled properly.

There are a number of important steps that a company must take when it discovers a breach. Here's what you can do:

Do not switch off: the natural instinct, when someone discovers they have been hacked, is to turn off the computer. That's a bad idea. Disconnecting from the Internet and the corporate network can help prevent the infection from spreading. But turning off the machine can also erase valuable evidence that could help investigators determine what was stolen and where it went. A lot of malicious content resides in the computer's memory as well as on its hard disk. Turning off the computer clears the memory and with it many traces of the intrusion.

Call the professionals: many companies specialize in forensic investigation after attacks; contact one of them. You must also report the attack. In general, local police do not have the resources to investigate a hacking case, but filing a report is often necessary to collect on insurance.

Maintain chain of custody: from here on out, you must not only try to stop the intrusion but also prepare for the inevitable legal consequences. You may not be sued, but if you are, you will have to demonstrate that you responded appropriately to the intrusion. Keep track of each person who touches a computer or server involved and of everything they do with it.

Find out if the breach is still active: do not assume that the danger is over because an affected computer has been cleaned and removed. The hacker could have taken control of several computers. At this stage, your job is to let the professionals do a thorough search of your systems. Be patient; the investigation may take several days.

Stop the bleeding: after the professionals assess the problem, disconnect the infected PCs from the Internet. The investigators will take a digital image of the information on them, so you can then delete their contents. In addition, block all access to and from any Internet addresses involved. Also find out how the hacker slipped in, so that you can close that hole.

Find out what they stole: this can be slow and frustrating, but it is important to do it well, so do not take shortcuts and resist the temptation to call off the search early.

Find out whom you must notify: at this stage, work with lawyers. There are laws that specify when a company has to inform people whose personal data was exposed in a breach.

Apologize: a notification letter about the attack should make it clear that you have gotten to the bottom of it. Emphasize that you have taken steps to prevent another intrusion.
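
An added example, not part of the original article: one way to keep the record described under "Maintain chain of custody" so that later edits or deletions are detectable. Each entry is hashed together with the previous entry's hash; the function names, field names and sample events are assumptions made for this illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" used by the first entry
FIELDS = ("seq", "time", "handler", "item", "action", "evidence_sha256", "prev")

def _digest(entry):
    # Hash a canonical JSON form of every field except the entry's own hash.
    body = {k: entry[k] for k in FIELDS}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def record(log, time, handler, item, action, evidence=None):
    """Append one custody event; `evidence` is the raw bytes of an image, if any."""
    entry = {
        "seq": len(log) + 1, "time": time, "handler": handler,
        "item": item, "action": action,
        "evidence_sha256": (hashlib.sha256(evidence).hexdigest()
                            if evidence is not None else None),
        "prev": log[-1]["hash"] if log else GENESIS,
    }
    entry["hash"] = _digest(entry)
    log.append(entry)
    return entry

def first_broken_entry(log):
    """Return the position of the first altered, missing or reordered entry, else None."""
    prev = GENESIS
    for position, entry in enumerate(log, start=1):
        if (entry["seq"] != position or entry["prev"] != prev
                or entry["hash"] != _digest(entry)):
            return position
        prev = entry["hash"]
    return None

def handlers_of(log, item):
    """Everyone who touched `item`, in order, for the custody report."""
    return [(e["time"], e["handler"], e["action"]) for e in log if e["item"] == item]

def build_sample_log():
    # Constructed sample events: names, times and the "image" bytes are invented.
    log = []
    record(log, "2011-10-16T09:05Z", "A. Rivera", "SRV-01",
           "isolated from network, left powered on")
    record(log, "2011-10-16T11:40Z", "J. Chen (forensics)", "SRV-01",
           "captured memory and disk image", evidence=b"constructed image bytes")
    record(log, "2011-10-17T08:15Z", "J. Chen (forensics)", "SRV-01",
           "handed image copy to legal counsel")
    return log
```

A hash chain only reveals changes relative to its latest hash, so copy that value somewhere the log's keeper cannot alter it, such as a dated message to counsel.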
