Data breaches have been in the news again recently. Anthem is a high-profile incident that made national headlines, but these data breaches happen far more often than most people realize. Poor security practices, such as not using strong passwords or regularly applying software updates, can create opportunities for hackers to gain access your network.
If you suspect your company has been the victim of a data breach, the most important piece of advice is this: do not panic. While it’s tempting to try to immediately attempt to fix the issue, this can cause more problems than it solves. In 2014, the average time between intrusion and detection was 87 days (other studies suggest this number is actually over 200 days), so spending a few hours or days planning a course of action is time well-spent, especially if you do not already have an Incident Response Plan. It is also helpful to get advice from experts who have experience in dealing with data breaches so that critical steps are not overlooked.
One good reason to avoid panic is because taking unplanned and undocumented steps makes forensic analysis more difficult. For example, if an attacker is creating files on your network and sending them back to their machine, deleting those files does not solve the root problem. In the future you may need to notify customers of the breach, and deleting files created by an attacker makes an investigation into the full scope of the breach more difficult.
In addition, drastic steps may alert the attacker that they have been discovered, causing them to take additional actions in an attempt to maintain access or cover their own tracks. As in the previous example, this can cause a loss of evidence that could be helpful in determining when the data breach first started.
There’s no shame in being the victim of a data breach, and addressing a data breach can be an overwhelming job for a single company. IT staff may be more worried about their jobs than they are about revealing the full details of a breach. At LuciData, can provide objective analysis and recommendations when a company suspects it has been breached. We can help quickly identify problems, offer impartial advice, and make security recommendations to keep your company as secure as possible.