How to handle a data breach and cyberattack
In a previous article, we discussed the importance of businesses having a cyber liability policy in today’s modern world. More cyber criminals target small and medium businesses because they are the most vulnerable, so you cannot ignore the increasing number of cyberattacks just because you think your data is not valuable enough.
Cyber liability coverage may cover loss or damage to electronic data as well as other risks associated with cyberattacks, but you still have to handle cyber incidents correctly. When you fall victim to a cyberattack, here are the immediate steps you need to take.
Containing the Breach
Your first priority in the event of a cyberattack must always be containment. When one of your computers is rendered unusable due to a ransomware attack, for instance, you need to make sure that any other computers in the network aren’t infected by the same ransomware. Disconnecting the infected computer from the network is a must.
Other cases require different steps to contain the attack. Disconnecting an infected device from the rest of the network isn’t always enough. With data theft, you want to limit access to the potentially stolen data immediately. To deal with a potential network takeover, you may have to bring the entire network down.
Containment lets you limit your risks. With the attack contained, you can move on to the next step, which is…
Assessing the Situation
You have to fully understand the nature of the attack before taking steps to resolve the issue. Since the impact of the attack is already contained, you can be more thorough with your assessment. Find the attack surface exploited by the attacker or attackers, do an audit of affected files, and figure out the damage caused by the attack.
A thorough assessment should give you the full picture. If you have a cyber liability policy in force, your assessment is a strong foundation for filing a liability claim. In general, the assessment lets you decide the next step to take.
There are tools you can use to make assessment easier. A set of free forensic tools can help you identify affected files, create EnCase evidence files, capture physical memory for easier recovery, and perform an Nmap network security audit. Premium tools and services from top providers like Secure Forensics let you dig deeper into the issue.
The next part of the equation is recovering your system to its healthy state. Assuming you have backups of your files or the entire system, disaster recovery should not be difficult. You just have to make sure that the attack surface – the breach point – has been fixed, and you can then safely restore the rest of the system.
Without a backup image, you may have to do manual recovery. Damaged files can usually be restored, but you will have to handle the case carefully. In the event of a hardware failure, it is best to leave the recovery process to professionals.
Combined with the cyber liability coverage we discussed in the previous article, you now have the ability to handle cyberattacks and their impacts. Use the tips and tricks discussed in this article to strengthen your system and reduce your attack surface too.