If you're in cyber security, you already know that there are a lot of guides advising both individuals and companies on what they should do after a data breach. However, there are not that many guides centered around what not to do after a data breach. Treat this guide as a walkthrough that points you in the right direction.
After the Confirmation
Picture this scene – you're a security engineer working at a well-known company and you have just had a meeting with your team. In the meeting, the head of the security team presented news that nobody likes to hear – last week, the systems powering the software that the company sells were breached. A data breach is always bad news – no matter the reason behind it. The good news is that the data breach has already been confirmed, so alongside knowing what to do after it has occurred, you should also keep in mind what not to do after it has been confirmed.
First, stay calm and collect yourself, and report the data breach to the appropriate body without undue delay (check the laws of the jurisdiction you're in – in many countries the deadline is 72 hours after a company becomes aware of it). Then follow the steps outlined below:
- Don't panic – this first piece of advice goes hand-in-hand with staying calm and collecting yourself. You might not believe it, but staying calm can do wonders. The worse the data breach is, the worse the problems for the company involved, but staying calm helps you help your team, help the clients of the company, and, better yet, helps your team work in sync to make better decisions both now and in the future.
- Avoid making impactful decisions straight after the event – instead, first read up on best security practices on reputable information security blogs like the one backed by BreachDirectory and think about the next steps your security engineering teammates should take.
- Avoid working on the impacted application immediately – instead, make a backup of it. Completing this step will help the company secure evidence of a data breach and forward it to authorities if they ask for it when investigating.
- Avoid delays in informing your customers (and, if needed, partners) about the data breach – the sooner your customers and users are informed, the sooner they can change their passwords, and the sooner they change their passwords, the sooner the data dump the attackers may have taken will become obsolete.
Stay calm and walk your team through the steps outlined above – the sooner they are completed, the better. Look up yourself and your teammates in data breach search engines like the one provided by BreachDirectory, and advise your security team to implement the BreachDirectory API into the infrastructure of the application the company is providing. The API will let your company make sure that it does not fall victim to data breaches in the future by letting your team scan through lists of data breaches, so that your team, clients, and everyone involved become aware of possible identity theft as soon as possible.
We hope that this article has provided you with some valuable information – completing the steps mentioned in this article will help ensure your team is on the right path whatever happens. Make sure to read up on our blog for further information in the security space, follow us on LinkedIn and Twitter for future updates, and we will see you in the next one.