by Catalin Cosoi - Chief Security Strategist at Bitdefender - Monday, 26 October 2015.

Good first steps would be communicating breaches as soon as they are found and helping customers safeguard their money and identities in the face of compromise. Beyond that, a credible and public initiative to secure systems and data should be implemented. Companies that suspect they have been breached should act quickly and strategically.
There are five key actions that companies such as TalkTalk should follow after a breach:
1. Close the gaps - Secure the area where the breach occurred to limit further damage, as well as help document and preserve evidence for an in-depth forensic analysis.
2. Evaluate the losses - Determine the value of what was stolen and the impact – was it highly sensitive data, how many people were affected, does the organisation have a backup in place?
3. Fix the issue that caused the breach - Clean and repair affected systems in order to eliminate any hacker presence. Change credentials of important online accounts and servers where data is stored and isolate servers, machines and parts of the system, where possible.
4. Notify customers and other parties about the breach - For instance, inform the police if criminal activity is suspected. Monitor the status of the potential victims and sign them up for a credit or identity-monitoring service, if necessary. Take other necessary steps to remediate injuries caused by the breach.
5. Revisit overall security risks - Prevent future intrusions and implement proactive technologies like strong firewalls to enhance security. Site owners should keep their software up to date, use strong passwords to secure server website administrator areas, and use a security certificate whenever sites pass personal information between them and a web server database.
Customers affected by the TalkTalk data breach are advised to change their passwords and monitor their bank account activity for fraud. Furthermore, customers should contact their bank and Action Fraud, the UK’s national fraud and internet crime agency. Be wary of email and telephone scams, as hackers will try to take advantage of the breach by sending related phishing spam or requesting passwords or banking details via telephone.