When it comes to IT security, prevention is undoubtedly preferable to cure. But sometimes, despite everybody’s best intentions, breaches happen, and IT staff must pick up the pieces as best they can.
This article addresses three different types of IT security breach. For each, it suggests what should be done in the aftermath, and a few things that could have been done to prevent the breach in the first place. If it’s too late for that, the same list is equally valid as a way to stop a similar breach happening again in the future.
1. Malware Attack
Scenario: Despite the security software and systems in place, one or more computers have become infected with malware.
- Remove infected computer(s) from the network immediately.
- Perform random checks on other PCs to ensure there has been no cross-infection.
- Attempt to establish the source of the malware infection (often a result of a user falling victim to social engineering).
- Step up anti-malware defenses (better software, vulnerability scanning solutions).
- Educate staff on social engineering methods.
- Perform more random scans for malware.
- Improve patching for vulnerabilities.
- Consider a more reliable Internet Security solution.
2. Staff Breach
Scenario: A disgruntled member of staff has left the company and subsequently stolen data or attempted unauthorized access to systems.
- Investigate legal avenues to prevent further breaches.
- Ensure all passwords the user may be in possession of are changed.
- Notify any individuals whose data may be at risk.
- Ensure that staff are contractually obliged to refrain from accessing systems after leaving, with possible sanctions made clear.
- Improve internal controls for dealing with staff who leave the company.
3. Data Loss
Scenario: A hard drive containing company or customer information has been left in the back of a taxi, and attempts to locate it have been unsuccessful.
- Be honest with all parties who may be affected; don’t simply hope they won’t find out!
- Take steps to change all passwords.
- If need be, release a statement explaining details of the breach and the steps that will be taken to prevent a repeat incident.
- Minimize or eliminate the need for individuals to carry data on portable storage devices. Consider the use of thin-client or cloud technology instead.
- Ensure that every device containing data, from laptops to USB keys, is suitably encrypted.
If you’ve been lucky enough to not yet be involved in a security breach, you would do well to consider the “avoidance steps” detailed for each of the above breaches. While you may not be able to prevent something bad from ever happening, you can certainly minimize the impact of each serious event.
Do you have any additional advice for what to do in the event of a security breach? Let us know with a comment below.