Data breach – What steps should you take?
You may believe that you have nothing of value for a cybercriminal to steal. Why would they want to rummage through your run-of-the-mill data and try to steal your identity?
Unfortunately, the more ‘mediocre’ your identity, the better; it allows cybercriminals to fly under the radar as they cause you financial loss , scam your friends and family through your social media accounts, or gain access to your organisation’s sensitive information.
Data breaches can expose your passwords and sensitive information, such as your name, address, date of birth, phone number, or credit card details. If you experience account takeover fraud (ATO), cybercriminals can use your personal information to open fraudulent credit accounts, steal your tax refund, and even obtain medical treatment in your name.
If you experience a data breach or malware infection, the following steps should be taken:
- Isolate the affected system
- Notify the relevant parties
- Remove the malware
- Activate backup and disaster recovery
- Investigate the source of the breach
- Implement remediation steps
- Monitor and review
Let’s take a closer look:
Step 1: Isolate the affected system
The first step is to identify the breach or infection and isolate it as soon as possible to prevent further damage. This can be done by disconnecting the infected device from the network or the internet to limit the spread of the malware or breach.
Step 2: Notify the relevant parties
If the breach involves sensitive or confidential data, it is critical to notify all parties involved, including customers or clients, as well as any regulatory bodies or authorities mandated by law. As soon as a personal data breach is discovered, you must notify your organisation’s Data Protection Officer (DPO). A DPO is the person in your organisation who oversees that the personal data of your employees, customers, providers, or other individuals is held in accordance with the applicable data protection rules.
Step 3: Remove the malware
Using reputable malware removal tools, remove the malware from the affected system. You might need the help of an IT professional. Acronis Cyber Protect Cloud provides an integrated approach that combines cloud backup with cyber security features like anti-malware and antivirus. It safeguards your system against viruses, trojans, worms, spyware, ransomware, botnets, and other potentially unwanted applications.
Step 4: Activate backup and disaster recovery
If data has been lost or corrupted, restore it from backups taken prior to the malware infection or breach. If you use Acronis Cyber Protect Cloud, you can use the backup and disaster recovery feature to recover any data that was lost or corrupted because of the breach or infection. Thankfully, Acronis prevents restoring infected files from backups with built-in malware scanning, including for encrypted backups. It scans full disk backups for malware, ensuring that users are restoring a clean and malware-free backup.
Step 5: Investigate the source of the breach
Once the breach has been contained and the data has been restored, investigate the source of the breach to identify the vulnerability that was exploited and prevent future incidents. This may involve reviewing logs, analysing network traffic, or working with forensic experts.
Step 6: Implement remediation steps
Based on the investigation, implement remediation steps to address any vulnerabilities or weaknesses that were identified. This may include applying security patches, updating security software, or implementing new security controls.
To gain access to accounts, hackers frequently use leaked passwords, passwords reused across multiple accounts, weak passwords, and single-factor authentication. Individuals and organisations must use multifactor authentication to combat these tactics, especially on systems containing sensitive data. After an attack, you will also need to change all passwords and manage access rights. Access to systems with powerful administrative tools or sensitive data should be tightly controlled, with all but essential employees excluded, and privileges should be time-limited or one-time-only where possible.
You may need to remind employees how to recognise common security threats such as phishing emails, suspicious links, or unauthorised downloads.
Step 7: Monitor and review
It is critical to monitor your systems and review your security controls following the incident to ensure that you are protected from future breaches or infections. This may entail performing regular vulnerability assessments, reviewing access controls, and updating your security software.
Drop us an email if you would like to find out more about our cybersecurity solutions.