Let’s face it…we live in an unpredictable world where disaster can strike at any moment. Treat a security breach as a matter of “when,” not “if.”
Here’s how you can survive your first breach:
1. Build Relationships Outside of the IT Department
If you like meeting new faces around the organization, a security breach provides ample opportunity to do so – albeit at the worst possible time. A breach is going to involve personnel from a whole slew of departments: legal, executive, and PR, to name the most obvious candidates. Maintaining an established channel with these groups, and a shared understanding of how your job and theirs will interact during a security breach, can save a lot of rushed paperwork and tense meetings during your time of crisis.
2. Avoid the Blame Game
There’s a notion in info-security that the work done by the IT department is possibly the most important thing in the company – that without them, the whole organization would fall to its knees and succumb to raiding bandits. It’s time to accept some cold hard facts. There are much greater risks to a company’s operational capacity and profitability than a security breach. Remember, the job of the IT department isn’t to prevent a breach from ever happening (which is nearly impossible), but to lessen the impact when it does. Avoid blaming the IT department when technology issues arise.
3. Comply With Regulations and Then Go Further
This may be preaching to the choir – we understand that “Compliance Is Not Security™” – but understand that a security control that isn’t monitored is even worse than no control at all. The Intrusion Detection System that doesn’t have someone actively administering it and looking at the alerts is just another avenue intruders can use against you (and one with significant access to all network traffic!). Just because you’re in an industry that requires you to keep all log data for 90 days doesn’t mean you shouldn’t store everything for a year. After all, storage is ridiculously cheap, and security breaches don’t unfold in a matter of minutes – the initial signs of intrusion and persistence may show up in logs from months ago. When you need them, you’ll be glad you kept them.
4. Maintain Open Communication at All Levels
From end-users to executives, the number one need during a breach is information – information that’s going to take time to acquire. Making clear decisions on that information and acting on them is the top priority during breach discovery and recovery. Be sure to work together as a team to communicate the source of the breach and take steps towards recovery.
5. Practice Makes Perfect
I know this one is obvious, and I don’t mean to insult your intelligence by including it here, but I also know you’ve been wanting to run some practice exercises against your data security program for quite some time – and yet, it keeps getting postponed in favor of more pressing, “real” work. Stop it right now. Your business should be centered on the inevitability of the worst-case scenario. Why aren’t you preparing for it? Practicing it? Has your company engaged the services of a pen-testing company recently? Did you treat their actions as a breach to be investigated? Did you match what you were capable of detecting and investigating against the report of what they did? No matter what it takes, get the practice in now – because when the time comes for points 1-5 to take effect, the last thing you want to be doing is making it all up as you go.
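One concrete way to do that last matching step, as an added example that is not part of the original post: reconcile the pen-tester’s report of what they did against the alerts your monitoring actually raised, and score each action as detected (with its latency) or missed. The pentest entries, alert list and rule names below are constructed sample data, and the expected-rule scorecard is a hypothetical mapping your detection team would maintain.

```python
from datetime import datetime, timedelta
# Constructed sample data: what the pentest team reported doing, and the
# alerts the monitoring stack actually raised during the engagement window.
PENTEST_REPORT = [
    {"id": "PT-01", "time": "2024-03-04T09:12:00", "action": "password spray", "host": "vpn-gw"},
    {"id": "PT-02", "time": "2024-03-04T10:40:00", "action": "new local admin", "host": "ws-117"},
    {"id": "PT-03", "time": "2024-03-04T11:05:00", "action": "lateral movement", "host": "fs-02"},
    {"id": "PT-04", "time": "2024-03-05T14:20:00", "action": "data staging", "host": "fs-02"},
]
SOC_ALERTS = [
    {"time": "2024-03-04T09:15:30", "rule": "Multiple failed logins from one source", "host": "vpn-gw"},
    {"time": "2024-03-04T13:02:00", "rule": "Local administrator account created", "host": "ws-117"},
    {"time": "2024-03-06T08:00:00", "rule": "Unusual archive creation on file server", "host": "fs-02"},
]
# Scorecard: which rule(s) should fire for each reported action (hypothetical rule names).
EXPECTED_RULES = {
    "password spray": {"Multiple failed logins from one source"},
    "new local admin": {"Local administrator account created"},
    "lateral movement": {"Remote service installed", "Admin share logon"},
    "data staging": {"Unusual archive creation on file server"},
}

def _ts(s):
    return datetime.fromisoformat(s)

def match_detections(report, alerts, expected, window=timedelta(hours=24)):
    """Per reported activity: was it detected, by which rule, and how long after."""
    results = []
    for act in report:
        t0 = _ts(act["time"])
        # An alert counts only if it is an expected rule for this action, on the
        # same host, and fired after the action within the allowed window.
        hits = [a for a in alerts
                if a["host"] == act["host"]
                and a["rule"] in expected.get(act["action"], set())
                and t0 <= _ts(a["time"]) <= t0 + window]
        if hits:
            first = min(hits, key=lambda a: _ts(a["time"]))
            minutes = int((_ts(first["time"]) - t0).total_seconds() // 60)
            results.append({"id": act["id"], "detected": True, "rule": first["rule"], "latency_min": minutes})
        else:
            results.append({"id": act["id"], "detected": False, "rule": None, "latency_min": None})
    return results

def coverage_summary(results):
    """Headline numbers for the post-engagement review: hits, misses, slowest detection."""
    hit = [r for r in results if r["detected"]]
    return {"total": len(results), "detected": len(hit),
            "missed": [r["id"] for r in results if not r["detected"]],
            "worst_latency_min": max((r["latency_min"] for r in hit), default=None)}
```

Every entry in `missed` is a detection gap to close before a real intruder finds it, and a large `worst_latency_min` tells you which alerts nobody is actually looking at.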