Security Incidents – Handling Computer Security Breaches: A 2012 Perspective

Tips on handling security incidents

Discovering that your company’s information has been accessed by an unauthorized entity or your servers have been hacked makes for a bad day in the information security profession. Yet, it happens every day, to organizations of every size – exposing client, customer and company data to fraudulent activity that can lead to serious losses.

If your company suffers a security breach, it’s essential to properly handle the incident. The objective is to demonstrate a complete grasp of the situation, while preventing further harm to customer data and the company’s brand. Doing so will enable your firm to regain consumer trust and move forward with everyday business.

The following helpful tips on handling security incidents start with prevention.

First: Focus on Preventing Security Breaches

Preventing a security breach is far better than reacting to one. Controlling and protecting IT assets – like customer information – takes planning and vigilant oversight. Laying a foundation of information security begins with hiring qualified IT security specialists, encrypting information and hardware, automating systems, and testing them on a regular basis.

And don’t overlook the basics:

· Evaluate current practices and risk control.
· Manage the flow of company-wide information.
· Continually assess who needs access to data – and why.
· Monitor trusted users.

Even with proper planning and vigilance, today’s sophisticated hackers may still breach your company firewall to obtain sensitive information. It pays to be prepared for anything.

Preparing for a Security Breach is Essential

When a firm is not properly prepared to deal with a security breach, the resulting chaos and stress often lead to improper reactions, inadequate responses or bad decisions – any of which can further damage your firm’s reputation.

Preparing for a breach means:

· Involving all departments, including HR, business management, forensics, and communications or public relations. Train appropriate personnel in their role in the event of a security breach.
· Anticipating the questions you’ll get from customers, regulators, company stakeholders, and management.
· Being ready to share information honestly. Transparency is of utmost importance.
· Designating a skilled communicator as spokesperson to explain the situation and control the damage as much as possible.
· Including mobile security in all aspects of planning.
· Testing, evaluating, retesting and re-evaluating.

After planning to prevent security breaches, the IT security manager’s objective is to ensure the team is fully prepared to respond to them. Strong management and leadership skills will be needed to protect the incident response team and avoid making further mistakes when implementing the plan.

Four Tips for Successfully Implementing an Incident Response Plan

1. Allow your team to rest: After a security breach, you will depend on your incident response team to put their training into action. You may be tempted to request performance above and beyond the call of duty – and being trained IT professionals, your team will likely be inspired to keep going until the job is done.

But it’s important to keep your expectations reasonable and your team’s work hours in check. Be sure your staff takes frequent breaks. Otherwise, their cognitive ability will suffer – potentially leading to more errors. Taking care of your team means sending them home to rest, so they can help you complete the incident response on time and with their health intact.

2. Assess the situation, then make decisions: Thorough assessment takes priority over quick actions. Remind yourself that it’s okay to take some time to assess the situation, and that you’re properly prepared to handle it. Rushed decisions sometimes lead to disaster, so proceed with care.

3. Avoid the blame game: This tip goes along with #2. Until a thorough investigation is conducted, it’s not a good idea to attribute the breach to a particular person or company. What if you’re incorrect? Along these same lines, avoid the assumption that whoever notified you of the vulnerability is also the party responsible for any subsequent incident.

4. Keep the notifying party at a distance: Unless it’s absolutely necessary, avoid the temptation to involve the notifying person or company in the incident response. They may or may not be involved in the breach, but until you know for sure, your judgment could be affected.

Handle Security Incidents With Care

It takes consistent effort to stay a step ahead of the sophisticated schemes launched by today’s cyber criminals. While it’s true that prevention is the best defense against cyber crime, vulnerabilities exist in every system, and information security breaches occur every day.

If your business falls victim, tailor these tips to your needs, and you’ll be ready to handle the incident without further damage to sensitive customer and company information. In addition, you’ll be better positioned to help your organization rebuild consumer trust and protect its brand in the marketplace.

Consider taking formal security training to help prevent security breaches. Villanova University offers CISSP certification courses in addition to information assurance training courses.