What you need to do when a data breach occurs
When people hear the words “data breach” they often think “cyber security attack”. But the truth is that a data breach can happen in many different ways. While the Australian government has implemented the Essential Eight mitigation strategies to help businesses protect their IT infrastructure and data and improve their overall cyber security posture, every business should implement appropriate security policies and procedures to stop data breaches from occurring. A data breach can do reputational damage to a business, and the business may never recover from it. Therefore, it must be taken seriously.
How do data breaches happen?
A data breach occurs when sensitive data is accessed by a party who does not have the authority to access it. Common ways that data breaches occur:
- Through human error by an internal employee, a past employee or a business partner, because of a lack of appropriate access control. It may also not be an error: it may be intentional, to cause harm to the business.
- Through a cyber-attack. However, the data breach may occur long after the attack. For example, in a supply chain attack, malicious actors insert malicious code into third-party software, and once it is distributed to the vendor's customers it can lie dormant for some time before the malicious actors remotely steal information. The data breach can be quiet, or it can be obvious, as in a ransomware attack, where malicious actors hold data hostage, threatening to publish it unless a ransom is paid.
How can businesses stop data breaches?
There are a multitude of ways in which businesses can protect their IT systems and reduce the risks. Security experts can assess a business’s infrastructure and recommend appropriate measures. These can include:
- Strong password security with multi-factor authentication.
- A Zero Trust network security framework where credentials are checked every step of the way as a user navigates through a network.
- Application whitelisting, to stop supply chain attacks.
- Proactively monitor for cyber security threats and ensure security updates and patches are installed immediately as they are released to fix any security vulnerabilities.
What you should do if you’ve noticed a data breach
If you believe a data breach has occurred, your breach management plan should be executed. If you don’t have one, here are some recommended steps to manage a data breach. It is best, though, to reach out to a certified security expert, who can not only assess the situation but also recommend strategies to stop it from happening again:
- If your business has experienced a cyber-attack, disconnect the internet as a starting point to disable all remote access. Maintain firewall settings and immediately install any pending security patches. Replace all passwords with strong passwords.
- Resist the urge to delete any files you believe to be infected. Keeping records helps to identify how the attack happened and who may be responsible and will assist in tracking any undetected malicious code. IT systems must be assessed to understand how malicious actors made their way in so vulnerabilities can be patched. Check security and firewall logs, email providers and antivirus programs for any information that might help.
- How widespread is the breach? Are systems secure? If you believe only one server is infected, section it off from other devices or servers in your network to stop any malicious code from spreading. If you believe you are the victim of a supply chain attack, reach out to the vendor and connect with other affected businesses to share resources and strategies.
- Inform your insurance company.
- In the case of human error or intentional human unauthorised access, review security logs to determine the perpetrator and act accordingly. This may involve tightening procedures or turning evidence over to a forensic investigator.
- Document every step, as this information will be useful not only for patching up current system vulnerabilities but also for informing disaster recovery planning or cyber security strategy and procedures going forward.
- Develop a communication strategy for those who need to be notified, including internal and external stakeholders, and include the actions that will be taken to reassure people.
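The "resist the urge to delete" and "document every step" items above can be combined into one routine. The following is an added example, not part of the original article: it copies suspect files into an evidence folder, leaves the originals untouched, and logs a SHA-256 hash and timestamps for each. The function names, the manifest.jsonl file name and the sample file are assumptions made for illustration.

```python
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large files do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def preserve_evidence(suspect_files, evidence_dir):
    """Copy suspect files to evidence_dir and log them; originals are untouched."""
    import shutil
    evidence_dir = Path(evidence_dir)
    evidence_dir.mkdir(parents=True, exist_ok=True)
    records = []
    for src in map(Path, suspect_files):
        info = src.stat()  # capture metadata before reading the file
        digest = sha256_of(src)
        dest = evidence_dir / f"{digest[:16]}_{src.name}"  # hash prefix avoids name clashes
        if not dest.exists():
            shutil.copy2(src, dest)  # copy2 preserves the modification time
        if sha256_of(dest) != digest:
            raise OSError(f"evidence copy of {src} does not match the original")
        dest.chmod(0o400)  # make the evidence copy read-only
        records.append({
            "original_path": str(src.resolve()),
            "evidence_copy": dest.name,
            "sha256": digest,
            "size_bytes": info.st_size,
            "modified_utc": datetime.fromtimestamp(info.st_mtime, timezone.utc).isoformat(),
            "collected_utc": datetime.now(timezone.utc).isoformat(),
        })
    # Append-only manifest: one JSON record per collected file.
    with open(evidence_dir / "manifest.jsonl", "a", encoding="utf-8") as fh:
        fh.writelines(json.dumps(rec) + "\n" for rec in records)
    return records


if __name__ == "__main__":
    work = Path(tempfile.mkdtemp())  # constructed sample, not real evidence
    (work / "invoice.docm").write_bytes(b"constructed sample content")
    print(preserve_evidence([work / "invoice.docm"], work / "evidence"))
```

Store the evidence folder on media separate from the affected system so the manifest and copies can be handed to an investigator intact.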
Responding to a data breach – legislative requirements
When unauthorised access to sensitive data such as personal information has taken place, there are legislative requirements that can often scare businesses. This is where a Managed Service Provider (MSP) can help as they have certified security professionals that are across all that needs to be done. They can assist in gathering the required paperwork which can be quite time consuming and lengthy and includes documents such as summary reports, backup logs, email backups, receipts, and other reporting requirements.
Under the Notifiable Data Breach (NDB) Scheme, data breach notification needs to take place when an “eligible data breach” has occurred, and it must be reported to the Office of the Australian Information Commissioner (OAIC) in line with the Privacy Act 1988. According to the NDB scheme, an eligible breach occurs when there are reasonable grounds to believe that there has been unauthorised access to, or disclosure of, personal information that is likely to result in serious harm to affected individuals and the business is unable to prevent the likely risk of serious harm. Whether this has occurred or not can be ascertained by conducting a risk assessment.
Affected individuals must also be notified of data breach incidents within thirty days, or a business may be found to be negligent and face substantial fines by law enforcement agencies. There are personal implications that can result from a data breach such as financial loss, reputational damage, or humiliation.
Data breaches and cyber-attacks can be prevented by implementing data protection strategies and information security. Steps to protect your business can be taken with the guidance of certified security professionals who have seen it all and can take a proactive rather than a reactive approach. Talk to the experts at RODIN to find out more.