What to do if you’ve had a security breach
Attacks against banks, stores, government institutions, including social networking sites are constantly being reported. Even the most tech savvy are not immune from hackers.
LinkedIn is still dealing with the fall-out of a hacking that occurred in 2012. Millions of LinkedIn users were exposed and earlier this year the email addresses and passwords of a large number of these were posted online.
The personal social media accounts of tech entrepreneur and Facebook Founder, Mark Zuckerberg, were recently hacked. Zuckerberg’s Twitter and Pinterest accounts were accessed, as well as the social media accounts of other celebrities. It’s presumed that Zuckerberg was using the same password for LinkedIn and his Twitter and Pinterest accounts. It’s not surprising that one of the world’s most successful technology entrepreneurs is still human and guilty of ignoring the basic security practice of safe password management.
Security breaches in Australia
The latest International Trends in the Cybersecurity report found that 63% of businesses in Australia by at least one security breach in the past 12 months.
Symantec have also identified Australia as the leading target for ransomware attacks in the southern hemisphere, with the average number of daily attacks increasing by 141% compared to last year.
Organisations small and large, private companies, and even Government departments are all exposed as the following examples show:
- Kmart – Customer data has been stolen by attackers
- Aussie Farmers Direct – Personal details of more than 5000 of its customers were posted online including customer names, email addresses, physical addresses, phone numbers and product purchase details
- David Jones – Attackers exploited a vulnerability in David Jones’ WebSphere-based website to access sensitive personal details of its customers.
- Office of Australian Prime Minister Malcolm Turnbull – The Australian PM’s department accidentally leaked hundreds of confidential email addresses due to an ‘administrative error’.
So what are the possible security breaches your business could face?
- Malware infecting your system. Malware includes viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, etc. You can unknowingly download this malicious program from a dubious website or a file attachment in an email.
- Hackers. Deliberately accessing your network with the intention to steal client information, altering operating system settings, or rendering your system/website unusable, and so on.
- An employee or contractor. Anyone with legitimate access to data can intentionally access and subsequently leak or un-securely store sensitive information.
- Poor password management. Account passwords or passwords to a computer or device can be too weak or shared with someone.
- Poor file management. Sensitive documents are lost, discarded or stolen.
- Hardware security. A mobile device (such as a laptop, mobile device, or portable memory device) is lost, discarded or stolen.
- Human error. Sensitive information is posted publicly on a website, mishandled or sent to the wrong party by email, fax or mail.
What you should do if you suspect your business has been affected by a security breach:
1. Check for warning signs. This includes: 1) Slow running machines or systems. 2) Increased device crashes. 3) Strange network usage patterns. 4) Unusually large transfers of data to unknown destinations. 5) Visits from unfamiliar IP addresses
2. Identify the scope of the breach. How many systems or machines are affected? Conduct a network and malware analysis to identify which systems and data files have been compromised to avoid spreading the problem.
3. Contain the attack. Once you’ve confirmed your system has been compromised take all your systems offline. This is the only way to contain the attack. Do a thorough investigation and determine how you can protect your system from future attacks.
4. Prevent future attacks. Install, reinstall or update your antivirus. If you think your current antivirus doesn’t provide you with the right level of protection, immediately switch to a better one. Then, fill your other security gaps including educating your employees about behaviours online including visiting unsafe websites, opening suspicious emails, and sharing passwords with anyone.
5. Communicate the breach. Share what happened with key stakeholders, customers, employees and partners. Honesty and transparency is important if others are at risk. Communicate the issues to the people that matter to your business, provide the steps if they need to change anything like passwords or email addresses, and assure them that you’ve taken the necessary steps to secure their information.
Prevention is always better than cure. However, as a business operating in an increasingly digital ecosystem, you must be prepared for the possibility of hackers exploiting any security gaps.
Hire a security expert to protect your systems with multiple levels of security. Finally, be ready with a plan should disaster strike.
If you don’t have in-house security expert, you can contact us for help.