What Should You Do If You Get Breached?
What should you do if your computer system is breached? Your response must address the impacts on:
- Your system
- Your data
- Your company’s legal responsibilities
- Your customers
- Your business’ reputation
If you already have an Incident Response Plan ready, then activate and follow that plan. Notify your IT team immediately. As far as your system is concerned:
- Isolate the affected machine, taking it offline from the internet and from your internal network.
- Use Anti-virus tools to identify and neutralize the malware.
- Change the passwords of any logon IDs which access that system. If multi-factor authentication was not already in use, implement it as soon as possible.
- Alert other employees to increase their vigilance. If the breach resulted from a phishing response, it is especially important to inform other staff of that danger.
- Scan and verify any backups to make sure they were not compromised.
- Fully engage your technology teams and provide ample resources for them to conduct forensics and ultimately restore data and full functionality.
From the legal perspective, a data breach triggers requirements which can vary state-to-state.
- Notify your legal team.
- Take necessary and timely actions to notify regulatory agencies.
- If you have a cyber-breach insurance provider, contact them per their guidelines.
- Craft and deliver a notice to your impacted customers as required.
But the best defense against a breach may well be educating your staff and customers to the ever-present dangers of a cyberattack. NXTsoft specializes both in education against, and response to, cyberattacks. Stay cyber safe.