The Importance of Being Proactive: Why You Need A Breach Response Plan
August 6th, 2015 by admin
Each month, Microsoft releases a new security bulletin. In May of 2015, forty-six vulnerabilities had been identified and fixed, spanning products such as Windows, Internet Explorer, and Office. In June, it was even more. While some of these vulnerabilities were low-threat, others were more critical, like the numerous Internet Explorer weaknesses that would allow attackers easy access to execute very harmful activity.
As vulnerabilities like these are not always exploited, many companies take a lax approach to security.
Is every single one of your firm’s computers and servers—whether in your office or in a data center—updated with these recent patches? How about the patches from last month? And those from last year?
Implementing effective security measures takes up time, energy, and resources, but cutting corners can be even costlier—and sometimes downright catastrophic. To avoid the detrimental effects of an attack, it’s essential to maintain an updated breach response plan.
Strengthening Your Incident Response Plan
In the Digital Age, the occasional technology breach is inevitable. A well-developed breach response plan can help curtail damage in the event of an attack, natural disaster, or other unforeseen event. Here are a few things to consider when creating your plan:
- Review your security plan at least twice a year. This will allow for any additions or adjustments as necessary.
- Compose a list of clients, their appropriate contacts, and proper notification protocol for each.
- Assign responsibilities to individual parties where detailed action is required. Leave nothing to chance. If it’s a crucial matter, be sure you know exactly who is responsible for handling the task at hand.
- Compile a guidance list of “proper responses” to execute based on the nature and severity of the breach.
- Devise a restoration plan in which backups and other necessary files are recovered.
- Managed Service Providers can help develop well-designed response plans. Their knowledge of malware, virus prevention, and disaster recovery is priceless when a serious threat emerges.
After a breach, you have to clean up. This can involve following your disaster recovery protocols, using tools to clean up the mess, and notifying your clients and business partners.
Your data may be damaged, and you may need to shut down your company operations while you recover data, software, and operating systems from your backup system (assuming that system has not been damaged too).
You will need to figure out how the breach occurred and implement improved security measures to keep it from happening again. Why clean up the mess, only to get hit again with the same problem? A breach can indicate a security lapse, like ignoring updates and patches for servers, workstations, anti-virus, and anti-malware software.
In some states and some industries, you are legally required to notify your clients, employees, and business partners of the breach.
Traffic Monitoring Tools
Traffic monitoring tools can detect hidden malware and communication traffic between your network and the Internet that might indicate a breach. One of these tools is Unified Threat Management (UTM) software that can be implemented inside your office’s firewall as part of a service program.
With the plethora of managed service providers and security tools available, it’s easier than ever to start creating your incident response plan. Getting ahead on your security is a smart business move that could save you a great deal of time and money in the long run.
Preventing Breaches in the First Place
Be smart. Save labor. Save money.
Hackers are growing in number, not shrinking, and they are being paid more and more for their efforts in ransom, extortion, fraudulent advertising, and other areas. The problem isn’t going to get better—so you need to be prepared.
It’s a real pain to recover from a breach. It’s time-consuming, and it can be embarrassing for your firm’s reputation. Your company’s leadership may even come into question by customers and staff.
That’s why the smartest move is to prevent security problems before they happen.
Ask yourself these questions:
- Are your anti-virus and anti-malware systems up to date? (In other words, have you made updates in the last day?)
- Is each and every one of the workstations, laptops, and servers in your organization patched and protected against viruses?
- Do you have a service program that assures patches are up to date—and if an installation is missed or fails, is someone in charge of fixing the problem?
- Do you scan your emails for malware and viruses before they come to your email server, wherever it’s located (in your office or in a Cloud data center)?
- Do you scan your emails for malware and viruses repeatedly as they lie in storage on your email server? A virus identified today may not have been known to anti-virus manufacturers a month ago, when you first received an infected message.
- Does your firewall have UTM? (See above.)
- Does your firewall prevent your employees from visiting a sketchy site or being directed, without their knowledge, to a malware-infected website in an innocent-looking email link?
Lastly, do you have a service program or service procedures that manage all of the above? You can’t “load it and you’re done,” and you can’t “set it and forget it.” These services must be actively managed by your own firm or a skilled Managed Services Provider.
Who Does All the Work?
In large companies, these types of proactive security management are carried out by internal IT staffers, outsourced security experts, or a combination of both.
In small businesses, this type of work is best performed by an outsourced Managed Services Provider. It’s becoming too complicated for internal resources to effectively handle proactive security management without outside advice and services. It’s also too complicated and time consuming, in many cases, for a small IT service shop or a single “IT Guy” to keep up with the rapid evolution of network security threats and barriers.
How Do You Know If You’re Protected?Simple. Hire an IT consulting firm, an IT consultant, or a Managed Services Provider to perform an audit of your company’s computer network. You want to test at least four things:
- Your internal network security
- The security between your internal network resources and the outside Internet (outward flow)
- The security between the Internet and your inside resources (inward flow)
- Compliance with any regulatory security that applies to your type of business
After almost every virus attack or security breach we hear about, the affected company’s managers say, “I thought we were covered.”
Last month at MPA, we heard this from the manager of a furniture distribution company in the East Bay after ALL of their data and backups were destroyed by a virus. If that happened to your business, could you survive?
Don’t wait until you have a catastrophe on your hands to find out whether your current coverage is enough. Order a Technology Assessment/Security Audit today.
Posted in: Cyber and Data Security