Business cyber security is vital in an
increasingly data-driven world. Yet, barely a day goes by without news of a
high-profile data breach. Infamous incidents have involved companies like
Facebook, Equifax, and Marriott International.
Governments are not immune from the risks either - at the time of writing,
Costa Rica is dealing with disruption to the IT systems of multiple government
ministries as the result of a ransomware attack.
Small businesses should be concerned about
this too. According to Verizon's 2021 Data Breach Investigations Report, small
businesses are the victims of 43% of online attacks. These incidents impose
huge costs and can force businesses to cease trading - in some cases,
permanently.
Every organization, big or small, should ask
itself 'what are the key steps in responding to a data breach?' Prevention
is best, but in the event of a data breach incident, a planned response is
required.
3 different types of data breach
There are many data security risks to
consider. Incidences of small businesses experiencing cyber attacks are increasing in 2022. Thus, planning for
such an event is more crucial than ever. Before we see what a plan looks like,
let's explore what kinds of threats to sensitive data are out there.
- Credential theft: Cybercriminals will often
try to steal login information to access protected systems. It's much easier to
access systems with a valid password than it is to "hack" into them,
and the stolen sensitive information can be auctioned off on the dark web.
Criminals can also threaten the mass release of privileged information unless a
payment is made.
- Distributed Denial of Service (DDoS): Victims
have their systems overwhelmed by too many requests for access. For this to
work, a cybercriminal infects numerous systems with a virus. That virus gives
the cybercriminal control over the system and turns it into a bot. The bots are
then ordered to flood the target system with an overwhelming volume of
requests. As a result, the target system is slowed to a crawl or shut down
entirely. These kinds of attacks can then be used as a cover for data theft.
- Ransomware: Malicious actors install software on target systems that locks access for anyone
but the criminals through complex encryption. The perpetrator then contacts the
victim with ransom demands. Any delay in payment will often lead to increases
in demanded payments. Having accessed secure systems, cybercriminals may still
copy and steal sensitive data, even after a ransom has been paid.
Consequences
Data breaches can have far-reaching
consequences. They impact not only the target business but customers and other
stakeholders, so you should be aware of these possibilities when planning a
response.
- Customer data can be sold on the
dark web. Data that can then identify an individual can be used by scammers to
fleece them of their money.
- Businesses that fall victim to a
data breach can be fined upon the identification of security flaws. Under the
EU's GDPR legislation, for example, fines carry a maximum penalty
of €20 million or 4% of global annual turnover - whichever is greater.
- Companies can suffer huge
reputational damage in the wake of a data breach. Businesses that lose the
trust of customers find it very hard to recover.
- If intellectual property and
operational data are exposed in a data breach, companies suffer dire consequences.
Shareholders, suppliers, and other stakeholders will think twice about
continuing to work with a company that can't secure its data.
Preparation
To effectively respond when a data breach
occurs, a plan should already be prepared. It begins by completing a risk
assessment of your systems. This process will reveal likely targets, whether
those are the cybercriminals' ultimate goal or their method of attack. This
knowledge will enable you to better secure your data and set up methods of
detection.
Let's take a look at potential vulnerabilities
and targets.
Entry points
Businesses should be aware of all the ways an
attacker could access their systems. Knowing where an attack has originated
from will make responding easier. Even systems not connected to the internet
can be targeted - cybercriminals can pose as IT personnel in order to install
malware, for instance.
Some possible entry points are listed below.
What data will be targeted?
Data collection is necessary to succeed in
business in the 2020s. It gives companies an edge in converting the most customers. However,
information that can identify an individual is highly prized by cybercriminals.
Below, you will see some of the types of data
cybercriminals target.
- Names.
- Dates of birth.
- Credit card details.
- Home addresses.
- Medical history.
- Vehicle registration info.
- E-mail addresses.
- Tax information.
Some cybercriminal activity is also industrial
espionage. Thus, companies should also think about their IP and sensitive
operational data.
Creating the plan
Understanding the targets and vulnerabilities
allows a business to start planning for a data breach. A good plan will allow a
quicker response time and faster recovery. The plan should be integrated into
all your security policies. Where data is touched upon in a policy, your data
breach response plan should apply.
Who does what?
A breach event can pull in different
departments from across a business. Make sure everyone is aware of their
responsibilities when a breach occurs.
- Managers -
Leadership should be prepared to coordinate the response between
departments. They will also need to be ready to work with external parties
during an incident. Managers will be key in analyzing the event in the
aftermath.
- IT team - These will be your foot soldiers in
the battle to eradicate the threat from your systems - they're also best placed
to first detect a breach.
- HR - Your human resources team should be
called upon in the event of a data breach originating from an internal source.
- PR - Public relations teams are vital in
reducing harm to your company's reputation. It will be their job to manage how
a breach is viewed in the media and by the public. Along with customer service
teams, they form an integral part of the escalation management process for customer
enquiries in the wake of a data breach.
Form a dedicated cyber security team
Creating a team to help form plans and manage
a breach situation is vital. They can be called upon to ensure all departments
are following the plan. The team can help managers coordinate the response.
They will work with the IT folks to detect threats and mitigate damage from
attacks.
Use your cyber security team to foster a
culture of vigilance. Use them in training teams to prevent cybercrime and
respond correctly if it occurs - engaging training materials can be produced at
low cost using royalty free images.
To be effective, the team requires a budget and staffing that matches the
threat.
This team will be able to ensure that
technology doesn't leave you open to a breach. By ensuring software is updated
regularly, known security flaws can be eliminated. They can audit technology to
ensure devices aren't endangering security. Devices under the category of 'The
Internet of Things' can have security flaws.
Take out a cyber insurance policy
Cyber insurance can help with the costs
associated with a data breach. The better your cyber security is to begin with,
the lower your premiums. Insurers will often be able to assist in developing
your response plan and quantify your cyber exposure in financial terms. They may also provide training services to
your company to better avoid a data breach.
Backup critical data
One of the best practices for business continuity is to
back up operationally critical data. To turn around rapidly from a data breach
and get back to business, you will need access to your information ASAP. It is
recommended that data be backed up in a remote location through cloud
technologies. Additional on-site backups will only serve to improve response
time, so go for it - just be sure to use different media.
Discovering and responding to a data breach
By providing your teams with the best cybersecurity training, you will have a
vigilant workforce able to detect a possible data breach. Your IT teams should
be on the lookout for unusual activity: multiple failed login attempts, error
messages, or access requests from strange IP addresses are all red flags.
For example, a company that operates
exclusively in the US wouldn't expect its systems to be interacting with
websites whose domain names are the kind that Australia-based businesses would
use. Such traffic could be a sign of a DDoS attack attempt by a botnet from down
under.
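As an added example (not part of the original article), here is one way to turn the red flags above into an automated check: bursts of failed logins, a successful login straight after such a burst, and access from addresses outside the networks you normally see. The log format, thresholds and address ranges are assumptions made for illustration, and the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions for illustration: log format, thresholds and address ranges.
EXPECTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # usual staff network
MAX_FAILS, WINDOW = 5, timedelta(minutes=5)
LINE = re.compile(r"^(\S+) (LOGIN_OK|LOGIN_FAILED) user=(\S+) src=(\S+)$")
# Constructed sample log (documentation-range IP addresses).
SAMPLE_LOG = """\
2022-05-01T09:00:00 LOGIN_OK user=alice src=192.0.2.10
2022-05-01T09:01:00 LOGIN_FAILED user=bob src=203.0.113.7
2022-05-01T09:01:20 LOGIN_FAILED user=bob src=203.0.113.7
2022-05-01T09:01:40 LOGIN_FAILED user=bob src=203.0.113.7
2022-05-01T09:02:00 LOGIN_FAILED user=bob src=203.0.113.7
2022-05-01T09:02:20 LOGIN_FAILED user=bob src=203.0.113.7
2022-05-01T09:02:40 LOGIN_OK user=bob src=203.0.113.7
2022-05-01T09:30:00 LOGIN_FAILED user=carol src=192.0.2.44
2022-05-01T10:15:00 LOGIN_OK user=dave src=198.51.100.23
"""

def is_expected(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparseable source: treat as unexpected
    return any(addr in net for net in EXPECTED_NETS)

def find_red_flags(log_text):
    alerts = []  # (alert, source_ip, user) tuples in log order
    recent_fails = defaultdict(deque)  # source ip -> recent failure times
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an auth event in the assumed format
        ts, event, user, src = datetime.fromisoformat(m[1]), m[2], m[3], m[4]
        fails = recent_fails[src]
        while fails and ts - fails[0] > WINDOW:
            fails.popleft()  # forget failures older than the window
        if event == "LOGIN_FAILED":
            fails.append(ts)
            if len(fails) == MAX_FAILS:
                alerts.append(("failed_login_burst", src, user))
            continue
        if len(fails) >= MAX_FAILS:  # success right after a burst
            alerts.append(("success_after_burst", src, user))
        if not is_expected(src):
            alerts.append(("unexpected_source", src, user))
    return alerts
```

Calling find_red_flags(SAMPLE_LOG) flags the burst against bob's account, the login that follows it, and the two logins from outside the expected network, while the single failed attempt from inside it is ignored.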
Immediate actions in the hours after discovering a data breach
Upon discovery of a data breach, you must put your plan into
action. Your priority actions should be as follows.
- Activate your cybersecurity team
to begin forensics.
- Isolate affected systems and cease
using them.
- Consult with your legal
department.
- Inform law enforcement.
- Analyze the scale of the breach.
- Assess the impact on business communications.
- Gather PR and marketing to discuss
how to communicate events to the public.
Complete these steps rapidly. A fast response
will allow an expedited recovery. This is why it's so important to plan for
such an eventuality. There are also some fairly uncommon practices, such as
modernizing legacy systems in the insurance sector or other industries, that
can keep something like this from happening in the first place.
Communicate with affected parties
You will have to have some difficult
conversations with those affected by a data breach. Through honesty and
openness, you'll be able to minimize reputational damage. Any communication
with affected parties should stress that a plan was in place. It's vital that
your company offers support to those concerned about how the data breach
affects them.
Recovery
Once you've handled the emergency situation,
it'll be time for a clean-up. You should now contact your insurer to see how
they can assist. Let's look at some of the actions your cybersecurity and IT
team may need to take.
- Eradicate affected files.
- Restore from backups.
- Identify and mitigate
vulnerabilities.
- Delete malware installed by
cybercriminals.
- Change passwords.
- Update all systems and software.
As the source of the breach becomes clearer,
other action may need to be taken. If the breach came from an internal
employee, you will have to rely on your HR department to start their process.
Whether internal or external, ensure that the relevant authorities are kept
informed. It's also important to keep affected parties in the loop - rebuilding
trust with customers, or other stakeholders, is an ongoing process.
Learning Lessons
After righting the ship, you should conduct an
investigation into the data breach. The purpose is to determine if there is
causality between company procedures and the occurrence of the breach. By the
end of this review, you should have a list of actions to prevent further
incidents. Following are examples of some of the questions your company should
ask during this process.
- Were internal communications systems disrupted during the event? Consider using externally hosted business phone systems. This will make it
less likely that your response and recovery efforts are hampered, ensuring communication
throughout.
- Was the attack from an internal source? Review
recruitment processes to reduce the chance of bringing a malign actor into the
business.
- Did you discover lax security in any areas? Beef
up security procedures, especially in areas where sensitive information is
held.
- How well did the team follow the plan? Review
training if necessary.
- Is sensitive data too accessible? Ensure
information is only accessed by those who require it. You can implement email tracking to see who is reading
communications. You may find that emails are viewed by team members to whom
they have no relevance.
- Did technology help or hinder? Look at how you
can improve the technological solutions you work with. Eliminate technology
that exposes your company to a high risk of cybercriminal incursions.
Data power
Data is crucial for operating a business in
the 21st century, and sometimes it's sensitive information. Companies are
responsible for storing their data securely. No system, regardless of how
secure, is immune from breaches.
What have we learned? Planning for a data
breach is vital. It makes the response and recovery process move smoothly and
rapidly. The more you can do to prevent a breach in the first place, the
better. Data breaches can still occur, but by following a well-considered plan,
you can mitigate financial and reputational damage.
ABOUT THE AUTHOR
Grace Lau -
Director of Growth Content, Dialpad
Grace Lau is the Director of Growth Content at
Dialpad, an AI-powered cloud communication and CX platform for better and easier team
collaboration. She has over 10 years of experience in content writing and
strategy. Currently, she is responsible for leading branded and editorial
content strategies, partnering with SEO and Ops teams to build and nurture
content. Grace has written for domains such as Brightpearl and VoilaNorbert.