Emergency Breach Response 

1) Stay calm and don’t panic.

In a panicked state, users can make poor decisions that can make a situation worse and could in fact increase the damage rather than contain it.

2) Communicate & raise awareness

It is very important to inform users and management of the potential issue. This can help other users to not make the same mistake and also put everyone on alert and on the lookout for other potential breaches. Management and relevant departments like IT services HR and if applicable legal should be contacted straight away and any IT policies and procedures followed.

3) Contain and secure

Depending on the type of breach there are several things that you can do. For an email account or web-based system, you can change passwords and block access to the system or prevent login for the affect user or users. For a malware or virus infection, you need to limit it’s access as best you can. Take the affected computer or computers off the local network or wireless network. This will generally prevent the device from infecting others on the same network or transferring data through the internet. Usually, it is best not to turn off the computer unless advised to do so by the IT services department as it can prevent the full diagnosis of the attack and its effects. Isolate any critical systems, data or devices to prevent access or damage.

4) Investigate and determine the extent of the breach.

Keep asking questions like “How did it start?” “When did it start?” “What was the first indication of a problem?” “Is any other user or system affected?” Check and test all critical systems and data. Monitor all systems for changes and anything out of the ordinary. Log and document every step from the first instance to the final resolution or findings. Keeping a detailed account can help to determine fully how the breach occurred and how to best handle the situation.

5) Learn, prevent & invest

Learn from the mistake and put systems and procedures in place to prevent it from happening in future. Your IT Services Department should provide a full report and recommendations to increase the security in future. Management should always invest to keep the company running at its’ best level of security to prevent downtime and work outages. Putting in place international standards and practices and gaining cybersecurity certifications like Cyber Essentials & IASME can go a long way to make your company secure.

The above Incident Response Plan aims to reduce the exposures to an organization, customers, employees and partners that arise out of data theft or data loss incident. The above response plan is a guideline to help you respond to a cyber attack, based on security industry best practices and hands-on experience protecting sensitive information and systems for SMEs. It is designed to set the foundation for an incident response strategy that is proactive, pragmatic, and simple to adopt.

For further information or assistance contact us using the following details or fill out the contact form below.