It’s finally happened: you’ve been hacked. Maybe it’s tempting to panic, but that won’t solve anything. Here’s a simple, straightforward guide for what to do when your network’s security has been breached. And if you haven’t been breached yet, these are good tips to include in your established incident response plan.
Who that is will depend heavily on the type of incident. If it’s an incident that resulted in a call from the FBI, you’ll want to get Legal on the phone yesterday. If you think the breach resulted in the loss of trade secrets, call the executive board together for an emergency meeting. Don’t put off contacting these resources.
Your response team should be an experienced group of IT and business professionals, tapped to respond to any incident of this nature. You’ll need to investigate the cause of the breach, take immediate steps to ensure security isn’t further compromised, and figure out how to restore normal business operations, securely.
Your plan also needs to include any public relations or other communications issues that need to be addressed. A security breach is something you definitely want to get out ahead of when it comes to managing your image and public sentiment.
One thing these communication efforts should not include is speculation of any kind. While the response team itself may engage in speculation in the course of the investigation, any outward-facing communications should deal only in facts. It’s embarrassing or worse to have to tell the board of directors or the media that your initial reports weren’t accurate.
Just because the incident itself is over doesn’t mean there’s not more to do. We often think we’re prepared for a crisis, but when one finally hits, we find that perhaps our preparation wasn’t quite as thorough as we’d imagined. This is the perfect opportunity to evaluate what you did well (and didn’t do well), and to hone your incident response plan accordingly. About a week after the breach has been thoroughly addressed, call a response team meeting and discuss the entire process from start to finish. Also, consider including others from outside the team who may be able to lend a unique perspective.