Falling victim to a cyberattack is bad enough, but failing to have a robust disaster recovery plan in place makes matters a whole lot worse. If you’ve been paying attention to the headlines over the past few years, you know that even some of the largest organizations have learned this the hard way after failing to meet their data security obligations.
The most important thing to realize is that any organization, no matter how modern it is or what technology it uses to safeguard its data, can become a victim. That’s why a disaster response and recovery plan is essential to the future of your business. Here are the key steps every business should take following a data breach:
Admit Your Failings
Of course, there’s no joy in admitting to your customers, investors and partners that their data has been, or may have been, compromised while under your responsibility. Attempting to cover up the problem is far worse, however, and you’re required by law to inform the public immediately. Failing to do so can leave your business facing intense legal scrutiny, massive fines, and permanent damage to your reputation.
You should inform the public as soon as possible once you have confirmed that a data breach has taken place. Aside from fulfilling your legal obligations, being transparent gives your customers a chance to change their login details before the stolen data is used against them. Moreover, sending a written notification to your customers is required by law. You’ll need to tell them when the data breach occurred and what sort of data was compromised.
Some organizations, depending on the industry-specific regulations they face, may also be required to take additional steps. For example, HIPAA, which applies to healthcare providers and to any third parties handling sensitive data on their behalf, requires organizations to inform a major media outlet when a breach affects more than 500 customers.
Implement Your Disaster-Response Plan
Every business needs a disaster-response plan that’s reviewed regularly and kept up to date as your computing infrastructure changes. Your plan should list the steps to take to resolve the issue as quickly as possible, along with contacts for every relevant vendor, service provider, attorney, and IT support team.
Your IT support department or an external computer forensics team will need to examine the entire network to determine how the attack occurred, which vulnerabilities it exploited, and which systems it affected. As soon as a security breach is detected, you should also disconnect any affected systems from the network so that an ongoing attack is stopped in its tracks; disconnecting rather than powering off preserves volatile evidence, such as memory contents, that the forensics team will need.
It’s especially important that everyone on your team knows the response plan so that they know exactly what to do in the event of a data breach. Your employees need to know whom to report to, and they need to be held accountable to one another. Another key step is to change the passwords and secondary authentication credentials for every affected account.
After successfully halting an attack in progress and locking down your network, you’ll be ready to begin the disaster-recovery process. Recover affected systems in order of priority, according to the recovery objectives defined in your DR plan. Every plan should define a recovery point objective (RPO) and a recovery time objective (RTO). These parameters stipulate, respectively, the maximum amount of data you can afford to lose and the maximum amount of time it should take to get the affected system back online. Depending on their priority, different systems may have different RPOs and RTOs.
At Total Tech Team, we realize that few small-sized businesses can afford to have their own dedicated in-house IT support teams. That’s why we are here to offer peace of mind with impeccable support and managed services you can depend on. Call us today if you need an IT team that works!