how to make a data breach recovery plan

7
HOW TO MAKE A DATA BREACH RECOVERY PLAN

Upload: record-nations

Post on 11-Apr-2017

126 views

Category:

Data & Analytics


2 download

TRANSCRIPT

HOW TO MAKE A DATA BREACH RECOVERY PLAN

HOW

TO M

AKE A DATA BREACH RECOVERY PLAN

Data Breach Recovery Plan

Data Breach Recovery Plan

• The moments after a data breach are the most crucial to a company. That is why it is so important to have an established data breach recovery plan that clearly details the actions that need to be taken at the first sign of a breach.

• We are going to go through 5 easy steps to establishing a recovery plan.

HOW

TO M

AKE A DATA BREACH RECOVERY PLAN

Data Breach Recovery Plan

Step 1: Isolate Impacted Systems

• Isolate the breached machine from your network in order to prepare the system for forensic analysis. It will be important to look at all systems that interact with the compromised system.

HOW

TO M

AKE A DATA BREACH RECOVERY PLAN

Data Breach Recovery Plan

Step 2: Make a Clean Start and Recovery

• This step should include updating credentials (passwords, encryption keys, etc.).

• At the server level, the same steps should be taken. If rebuilding is not possible, bring in experts who are capable of cleaning the system. Attempting to have untrained personnel perform this activity could lead to further breaches down the road.

• After your system has been rebuilt, ensure that all systems are up to date with patches.

HOW

TO M

AKE A DATA BREACH RECOVERY PLAN

Data Breach Recovery Plan

Step 3: Increase Monitoring

• Increasing monitoring can locate where the breach took place, and any other compromised servers

• Attackers may attempt to enter your system a second time while your system is down.

• There’s a good chance your system has a greater asset value than you originally thought. Increased monitoring is always a good option to help you keep an eye on things no matter where you are in terms of security.

HOW

TO M

AKE A DATA BREACH RECOVERY PLAN

Data Breach Recovery Plan

Step 4: Make Note of Lessons Learned• It’s always important to learn from a breach and the reaction of

your incident response team. In the aftermath of a breach, it’s best to look at the existing processes that enabled the attacker to access your firm’s data, and identify any gaps in your incident response process.

HOW

TO M

AKE A DATA BREACH RECOVERY PLAN

Data Breach Recovery Plan

Step 5: Communicate

• After a breach, communication is important, not only within your organization and your incident response team, but also with customers and any other users who may have been impacted.

• It is imperative to make sure these communications go through your organization’s legal department and outside counsel.