how to make a data breach recovery plan
TRANSCRIPT
HOW TO MAKE A DATA BREACH RECOVERY PLAN
HOW
TO M
AKE A DATA BREACH RECOVERY PLAN
Data Breach Recovery Plan
Data Breach Recovery Plan
• The moments after a data breach are the most crucial to a company. That is why it is so important to have an established data breach recovery plan that clearly details the actions that need to be taken at the first sign of a breach.
• We are going to go through 5 easy steps to establishing a recovery plan.
HOW
TO M
AKE A DATA BREACH RECOVERY PLAN
Data Breach Recovery Plan
Step 1: Isolate Impacted Systems
• Isolate the breached machine from your network in order to prepare the system for forensic analysis. It will be important to look at all systems that interact with the compromised system.
HOW
TO M
AKE A DATA BREACH RECOVERY PLAN
Data Breach Recovery Plan
Step 2: Make a Clean Start and Recovery
• This step should include updating credentials (passwords, encryption keys, etc.).
• At the server level, the same steps should be taken. If rebuilding is not possible, bring in experts who are capable of cleaning the system. Attempting to have untrained personnel perform this activity could lead to further breaches down the road.
• After your system has been rebuilt, ensure that all systems are up to date with patches.
HOW
TO M
AKE A DATA BREACH RECOVERY PLAN
Data Breach Recovery Plan
Step 3: Increase Monitoring
• Increasing monitoring can locate where the breach took place, and any other compromised servers
• Attackers may attempt to enter your system a second time while your system is down.
• There’s a good chance your system has a greater asset value than you originally thought. Increased monitoring is always a good option to help you keep an eye on things no matter where you are in terms of security.
HOW
TO M
AKE A DATA BREACH RECOVERY PLAN
Data Breach Recovery Plan
Step 4: Make Note of Lessons Learned• It’s always important to learn from a breach and the reaction of
your incident response team. In the aftermath of a breach, it’s best to look at the existing processes that enabled the attacker to access your firm’s data, and identify any gaps in your incident response process.
HOW
TO M
AKE A DATA BREACH RECOVERY PLAN
Data Breach Recovery Plan
Step 5: Communicate
• After a breach, communication is important, not only within your organization and your incident response team, but also with customers and any other users who may have been impacted.
• It is imperative to make sure these communications go through your organization’s legal department and outside counsel.