- Breach Incidence and Costs On the Rise Again + 5 Ways to Reduce Your Risk
- Cybersecurity Insurance Policies Require Security Audits and Pen Testing
- Wireless strategies for business continuity gain importance as enterprise expand IoT, cloud, and other technologies
- How Cybercrooks are Targeting YOU
- Enabling Digital Transformation with Cisco SD-WAN
- WFH Post Pandemic – What It Will Look Like. What You’ll Need.
- Leaders to looking to the IoT to improve efficiency and resiliency
- Cyber Security Vernacular – Well, some of it, for now
- Why You Need Disaster Recovery, NOT Just Back-Ups
- 10 Reasons Why Having an Expert Manage Your Cybersecurity Makes Sense and Saves Dollars
- Converting CapEx IT Investments into Manageable OpEx
- The Hybrid Workplace – Planning the Next Phase
- Cisco Cloud Calling: Empowering Customers to Thrive with Hybrid Work
- When You Can’t Access the Cloud
- How to Keep On Keeping On
- New Cisco Research Reveals Collaboration, Cloud and Security are IT’s Top Challenges
- Threats from Within on the Rise
- Cloud Covered? If Not, Take Cover!
- Zero Trust and Forrester Wave Report
- Password Based Cyber Attack: Like Leaving Keys Under Doormats
- So, What’s Up With Sensors?
- Sensors and Systems Create a Digital “Last Mile” and Help Skyrocketing Costs
- Scanners Provide Peace of Mind for Returning Students and Workers
- Sensors Improve Operations and Bottom Line… Easily and Cost-Affordably.
- Cisco Meraki Looks at 2021
- 2020 Holiday Shopping: Cybersecurity and Other Tips to Safeguard Wallets and Systems
- How to make the most of the technology you have
- Personnel, Planet and Business Progress: More Interdependent Than Ever Before
- Sure… you can get them all in the boat – but can you get them to work well together?
- Pushing the Zero Trust Envelope – Cisco is Named a Leader in the 2020 Forrester Zero Trust Wave
- Cloud Data Must be Protected, Too!
- Don’t Let Anyone Get the Dirt on You – Make It Instead!
- How IoT Devices Can Help You and Your business
- WebEx – A World of Possibility
- Creating Your Breach Response Plan Now Will Save You Thousands Down The Road
- Been hacked? Here’s what you must do next.
- The Need for Pen Testing is At an All-Time High
- 5 Ways an IT Reseller Improves Your Performance and Peace-of-Mind
- 5G and Wi-Fi 6: Faster, more flexible, and future ready. Are you?
- Network and Data Security for Returning and Remote Workers + Disaster Recovery Symposium
- Collaboration and Cisco WebEx: Protecting Your Data
- Thursday’s Virtual Conference Tackles Today’s Supply Chain Trials and Tribulations
- 10 Tips to Reduce Cloud Storage Risk
- COVID-19 Crisis Fuelling IT Spending
- Supply Chain/Logistics Experts Share Their Expertise
- Cisco Breach Defence Overview
- Announcing Our New Website and Blog
As a leader who shepherded his city through recovery from a major breach, and has helped other organisations (hospitals, fire departments, etc.) and neighbouring municipalities deal with ransomware and other cyber attacks, he is uniquely-positioned to make that statement. Sobering. Scary. But not insurmountable.
Mathieson’s thoughts and approach are echoed by cyber-readiness lawyer Carol Piovesan, and inspectors from the RCMP Cybercrime Investigative Team. Here is their collective 5.5-step approach for responding when you suffer a breach.
First, what constitutes a breach?
According to the authorities, any time that data , especially someone’s personal data, is accessed by an employee or outsider who does not have permission to see that data, a breach has occurred.
Sometimes it’s malicious; sometimes it’s purely accidental. For instance, a filing cabinet is thrown out before being emptied, and data gets viewed by garbage collector. Or someone has company data on a thumb drive or laptop, and leaves the device on public transit. According to authorities, this all falls under the umbrella of a data breach and must be investigated.
The very first moment you have any suspicion that your data and/or network has been breached, you must implement your response plan. Don’t have one? Please check out tomorrow’s blog post; we’ll lay out the items to include.
Here are the 5 steps to take – almost simultaneously.
#1 The RCMP says: Call law enforcement ASAP. Your local police department is fine. Local divisions work closely with the National Cybercrime Coordination Unit (NC3). Jason Greeley, Director, Cyber Crime, Federal Policing Criminal Operations, RCMP, says, “If your corporate headquarters are robbed, you call the police right away. It’s the same thing with a cybercrime.”
He adds, “Under-reporting is a problem in Canada. We would rather be called in right away, because evidentiary gathering opportunities are better the sooner we get involved. If you’re uncertain, let us decide if a crime has been committed. When things are moving at the speed of a packet, every second counts.”
#1: The lawyers say: Call your lawyers ASAP. Some information will be subject to client solicitor privilege; you need to know what can be shared, and with whom.
Many companies also have mandatory reporting protocols to consider. For instance, HIPAA compliance is very clear about what needs to be reported and when. In other industries, the Privacy Commissioner may need to be involved. Let your legal team guide you through this process.
Note: We numbered both these “1” because they need to be done concurrently.
#2: Mobilize your tech team. Containment is critical. Your team leaders need to understand what is happening as quickly as possible and may need to take your system off-line to contain the breach, depending on the nature of the “incident” and the type of data you store.
Obviously this is not done lightly. There can be life-and-death consequences if healthcare systems are taken off-line because the EMR database has been breached. For businesses, stopping production can impact the bottom line to the tune of thousands of dollars an hour. Nevertheless, it is critical to get a handle is going on as soon as possible. Having good protocols and cybersecurity solutions in place will make this much easier.
#3: Contact your insurance company.
#4: Have your communications and PR teams on standby. Consistent communication with your employees, clients and other stakeholders will be key throughout the process. People need to know what to do next and will be looking to your leadership for direction. You also need to protect the company’s reputation by having open, yet controlled and strategic dialogue with the press.
#5: As you go through your remediation steps, notes should be taken of what happens and what needs to be adjusted to minimize the likelihood of future attacks, or at least reduce their potential impact.
I wish I could say you will never fall victim to ransomware or other malware, but that is not the world we live in today. We’re happy to work with you, or colleagues in other companies, to assess your current system and endpoint vulnerabilities. We can recommend software solutions that will reduce your risk, sometimes greatly, along with backup and disaster recovery solutions to get you up and running quickly should disaster strike. Or should I say, when disaster strikes?
Earlier in this note we said that the problem is not insurmountable. With good preparation and professional counsel, that is true. But you do need expert, outside advice. Even if you don’t call us, please seek an expert’s opinion – sooner, rather than later, or when it’s too late.
Note: Although these are steps recommended by multiple cyber-security specialists, we recommend you consult your legal team for direction on how to proceed in the event of a breach. Also, as stated in our Breach Preparedness Planning post (October 6th), it is advisable to consult your lawyers, governance officers, insurance company and other decision-makers in your firm before anything untoward happens, so that you know how best to respond for your specific company’s set of circumstance within the industry and jurisdiction in which you do business. Sounds serious. It is.