What To Do When Your Network is Hacked
You just learned that your business experienced a data breach. Whether hackers took personal information from your corporate server, an insider stole customer information, or information was inadvertently exposed on your company’s website, the first question you ask yourself is: what steps should I take to make sure this never happens again?
Third Party Vendors - if the intrusion was because of the access third-party vendors have to your systems, examine what personal information they can access and decide if you need to change their access privileges. Also, follow up with vendors to make sure they are taking the necessary steps to prevent another breach from occurring. When they say they have remedied vulnerabilities, verify that their systems are now secure.
Network Architecture - when networks are set up, they are usually segmented so that a breach on one server or in one site is contained and cannot leak over to other servers or sites. Work with your IT team or, if you use an outside company, engage them to analyze whether your segmentation plan was effective in containing the breach. If not, have them map out and incorporate the necessary changes.
Work with Your IT Experts - find out if encryption was enabled when the breach happened. Analyze backup data. Review logs to determine who had access to the data at the time of the breach. Also, this would be a good time to analyze who currently has access, determine whether that access is needed, and restrict access if it is not.
Identify Lost Information - verify the types of information compromised, the number of people affected, and whether you have contact information for those people. When you get the reports back from your IT experts, take the recommended remedial measures as soon as possible.
Communications Plan - create a comprehensive plan that explains in a non-technical fashion the exact details of the breach and make it accessible to all the stakeholders - employees, customers, investors, business partners and vendors. Don’t hide pertinent details about the breach that might help consumers protect themselves and their information. Honest and complete communication up front can limit customers’ concerns and frustration, potentially saving your company time and money later.
Following a well-thought-out roadmap that reveals how the incident occurred, who was affected and what to look for so that it doesn't happen again is the best way to respond to a network intrusion.