- How IoT Devices Can Help You and Your business
- WebEx – A World of Possibility
- Creating Your Breach Response Plan Now Will Save You Thousands Down The Road
- Been hacked? Here’s what you must do next.
- The Need for Pen Testing is At an All-Time High
- 5 Ways an IT Reseller Improves Your Performance and Peace-of-Mind
- 5G and Wi-Fi 6: Faster, more flexible, and future ready. Are you?
- Network and Data Security for Returning and Remote Workers + Disaster Recovery Symposium
- Collaboration and Cisco WebEx: Protecting Your Data
- Thursday’s Virtual Conference Tackles Today’s Supply Chain Trials and Tribulations
- 10 Tips to Reduce Cloud Storage Risk
- COVID-19 Crisis Fuelling IT Spending
- Supply Chain/Logistics Experts Share Their Expertise
- Cisco Breach Defence Overview
- Announcing Our New Website and Blog
This post will take you 4 to 5 minutes to read – but it may be the best minutes few minutes you spend today.
We’ve all heard the phrase, “It’s not a matter of if you will suffer a breach, but when.” On Thursday, October 1, Dan Mathieson, Mayor of the City of Stratford, said, “It’s not a matter of when you’ll be hacked, but how often – and how prepared you’ll be for the next one.”
As a leader who shepherded his city through recovery from a major breach, and has helped other organisations (hospitals, fire departments, etc.) and neighbouring municipalities deal with ransomware and other cyber attacks, he is uniquely-positioned to make that statement. Sobering. Scary. But not insurmountable.
Mathieson’s thoughts and approach are echoed by cyber-readiness lawyer Carol Piovesan, and inspectors from the RCMP Cybercrime Investigative Team. Here is their collective 5.5-step approach for responding when you suffer a breach.
First, what constitutes a breach?
According to the authorities, any time that data , especially someone’s personal data, is accessed by an employee or outsider who does not have permission to see that data, a breach has occurred.
Sometimes it’s malicious; sometimes it’s purely accidental. For instance, a filing cabinet is thrown out before being emptied, and data gets viewed by garbage collector. Or someone has company data on a thumb drive or laptop, and leaves the device on public transit. According to authorities, this all falls under the umbrella of a data breach and must be investigated.
The very first moment you have any suspicion that your data and/or network has been breached, you must implement your response plan. Don’t have one? Please check out tomorrow’s blog post; we’ll lay out the items to include.
Here are the 5 steps to take – almost simultaneously.
#1 The RCMP says: Call law enforcement ASAP. Your local police department is fine. Local divisions work closely with the National Cybercrime Coordination Unit (NC3). Jason Greeley, Director, Cyber Crime, Federal Policing Criminal Operations, RCMP, says, “If your corporate headquarters are robbed, you call the police right away. It’s the same thing with a cybercrime.”
He adds, “Under-reporting is a problem in Canada. We would rather be called in right away, because evidentiary gathering opportunities are better the sooner we get involved. If you’re uncertain, let us decide if a crime has been committed. When things are moving at the speed of a packet, every second counts.”
#1 The lawyers say: Call your lawyers ASAP. Some information will be subject to client solicitor privilege; you need to know what can be shared, and with whom.
Many companies also have mandatory reporting protocols to consider. For instance, HIPAA compliance is very clear about what needs to be reported and when. In other industries, the Privacy Commissioner may need to be involved. Let your legal team guide you through this process.
Note: We numbered both these “1” because they need to be done concurrently.
#2 Mobilize your tech team. Containment is critical. Your team leaders need to understand what is happening as quickly as possible and may need to take your system off-line to contain the breach, depending on the nature of the “incident” and the type of data you store.
Obviously this is not done lightly. There can be life-and-death consequences if healthcare systems are taken off-line because the EMR database has been breached. For businesses, stopping production can impact the bottom line to the tune of thousands of dollars an hour. Nevertheless, it is critical to get a handle is going on as soon as possible. Having good protocols and cyber security solutions in place will make this much easier.
#3 Contact your insurance company.
#4 Have your communications and PR teams on standby. Consistent communication with your employees, clients and other stakeholders will be key throughout the process. People need to know what to do next and will be looking to your leadership for direction. You also need to protect the company’s reputation by having open, yet controlled and strategic dialogue with the press.
#5 As you go through your remediation steps, notes should be taken of what happens and what needs to be adjusted to minimize the likelihood of future attacks, or at least reduce their potential impact.
I wish I could say you will never fall victim to ransomware or other malware, but that is not the world we live in today. We’re happy to work with you, or colleagues in other companies, to assess your current system and endpoint vulnerabilities. We can recommend software solutions that will reduce your risk, sometimes greatly, along with backup and disaster recovery solutions to get you up and running quickly should disaster strike. Or should I say, when disaster strikes?
Earlier in this note we said that the problem is not insurmountable. With good preparation and professional counsel, that is true. But you do need expert, outside advice. Even if you don’t call us, please seek an expert’s opinion – sooner, rather than later, or when it’s too late.