The information most often compromised in a data breach is personal: for example, credit card numbers, social security numbers and medical records. Corporate information at risk includes customer lists, manufacturing processes and software source code.
Unauthorized access to this information clearly constitutes a data breach, resulting in identity theft or violation of compliance requirements vis-à-vis the government or regulatory sectors. Incidents like this lead to companies facing fines and civil litigation, not to mention the loss of money and credibility.
The problem is that any company can suffer cyber attacks these days. No matter how many preventive actions are taken, the big question that arises – and which should be a priority for organizations of different sizes and sectors – is: what to do in the event of a data breach?
Recently there was a huge leak in which data from approximately 800 million email accounts was stolen. By the way, if you want to check whether your email data has also been stolen, go to: https://haveibeenpwned.com.
Main causes of data breaches
It’s common to think of a data breach as someone attacking a corporate website and stealing confidential information. However, not everything happens that way.
In fact, it only takes an unauthorized employee viewing a customer’s personal information on an authorized computer screen to constitute a data breach.
Data is stolen or breached for various reasons:
- Weak passwords;
- Unpatched software vulnerabilities that are exploited;
- Stolen or lost computers and mobile devices;
- Users who connect to unauthorized wireless networks;
- Social engineering, especially phishing e-mail attacks;
- Malware infections.
Criminals can use the credentials obtained through their attacks to enter confidential systems and records – access that often goes undetected for months, if not indefinitely.
In addition, attackers can route their attacks through business partners to gain access to large organizations. Such incidents usually involve hackers compromising less secure companies in order to gain access to the main target.
Prevention is still the best medicine
Ensuring a completely secure environment is a major challenge.
Today we have various resources and technologies that can considerably minimize the risk of attacks. However, the environment is very dynamic, and many of its aspects make cyber attacks possible. Prevention is therefore the best way forward.
In short, the most reasonable means of preventing data breaches involve security practices and common sense. This includes well-known basics:
- Carry out continuous vulnerability and penetration tests;
- Apply malware protection;
- Use strong passwords;
- Apply the necessary software patches to all systems;
- Use encryption on confidential data.
Additional measures to prevent breaches and minimize their impact include well-written security policies for employees, as well as ongoing training to promote them.
In addition, there must be an incident response plan that can be implemented in the event of an intrusion or breach. It needs to include a formal process for identifying, containing and quantifying a security incident.
How to Deal with the Consequences of a Data Breach
Considering that a data breach can happen in any company and at any time, an action plan is the best tactic.
The most basic problem is that people still don’t see cyber attacks as inevitable. They believe their defenses are good enough, or they don’t think they’ll be targeted.
Another problem is that organizations don’t understand the true value of effective incident response plans. It can take weeks for them to understand what has happened.
The recommended steps during a data breach are:
- Identifying what happened;
- Meeting with all related sectors;
- Getting things under control;
- Reducing side effects;
- Managing external communication;
- Recovering business operations;
- Identifying lessons learned;
- Improving processes.
The priority is to stop the breach of confidential data, thus ensuring that all the necessary resources are available to prevent any further loss of information.
Identification
Understand what happened – how the attackers got in or how the data was leaked – and also make sure there is no ongoing leak.
Knowing what your situation is, defining the position to adopt and being able to take the necessary actions from that position are the first steps to take.
Containment
Did the attackers come from outside? Ensuring that nothing else leaves the company should also be one of the initial stages of incident response. The next actions will be carried out from this point.
Eradication
Deal with the problem by focusing on removing and restoring the affected systems.
Ensure that steps are taken to remove malicious material and other illicit content, for example by completely rebuilding the hard disk and scanning the affected systems and files with anti-malware software.
Communication
The next step is to align the message when it comes to external communication.
The IT policy must include guidance on social networks and the organization’s other communication channels. After all, all the information related to the problem should come from one place, always aligned with the actions taken by the company.
It is very common these days to include the organization’s legal department in communication issues and in dealing with situations with clients and official bodies.
On the saferweb website, which is a civil association focused on promoting and defending human rights on the Internet in Brazil, you can find a list of cybercrime police stations where you can file a complaint.
In addition to official bodies, remember to notify those affected by the leak, whether they are employees, suppliers or even customers.
Finally, don’t forget that the General Data Protection Act (LGPD) also deals with this issue.
Lessons learned from the Data Breach
If your company can solve the data breach problem and recover quickly, then it is on the right track to restoring business and minimizing the impact.
However, in some cases, the problem reaches the press and takes on greater proportions, affecting the company’s reputation and business.
Follow our tips and the examples of other organizations that have faced similar situations in order to understand what went wrong and make sure you have the best tactics to avoid a recurrence.
About Eval
EVAL has been developing projects in the financial, health, education and industry segments for over 18 years. Since 2004, we have offered Authentication, Electronic and Digital Signature and Data Protection solutions. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.
With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.