30 Sep 2011

How to handle a security breach

How seriously does your business take IT security and what would you do in the event of a breach?

A number of recent hacks would suggest that businesses should be considering these questions.

In Australia, for example, the systems of the NBN provider Platform Networks were recently compromised by a self-taught hacker called Evil, allegedly an unemployed truck driver.

And in the US, Sony’s PlayStation network was compromised by the hacking group LulzSec, which released thousands of the network’s user names and passwords.

Other wounds have been self-inflicted. Dropbox, for instance, fell victim to its own programmers, who accidentally allowed anyone to log into its accounts without a password.

What these events demonstrate is the widening array of digital threats, from lone operators, from organised groups and from internal mis-administration.

For businesses, serious security breaches can have disastrous effects, ranging from damaged reputations to complete operational disruption.

So what can you do if your systems fail you and you find yourself the subject of a breach?

The proper response is all about crisis management.

Have a plan beforehand

Getting hacked can be a dramatic event. By developing a set of guidelines in the cold light of day as to how you will react, you will limit the number of decisions you’ll have to make in the heat of the moment.

Outline the process you intend to follow and make sure you understand what, if any, requirements you’re subject to under the Privacy Act.

Stop the attacker

Once you’ve realised an attack is on, your first task is to put a stop to it.

How you do this will depend on the nature of the attack, whether you think the hacker still has access to your systems and whether he/she might have compromised other areas of your network.

Understand what’s happened and how

This can be a labour-intensive process and might require outside expertise, but you need to be certain how the attack succeeded if you want to stop it from happening again. Understanding the scope of the potential breach will also help to focus your response.

Inform your customers

For any business this is the most important part of handling a breach.

A 2010 Symantec study found that customer turnover was the single biggest cost of a data breach. It also found that businesses often overreact when customer data is breached by quickly informing their customer base at large rather than waiting to concentrate on the customers who are directly affected.

How you react will be a judgement call. If you want to involve police, the Office of the Australian Information Commissioner recommends being careful not to compromise police investigations by making the details of the hack public too early.

Keep the information flowing

Once you’ve gone public about a hack, a certain amount of reputational damage is unavoidable.

You might feel the urge to drop off the radar, but failing to provide an ongoing stream of up-to-date information to customers and media is a sure way to compound the damage.

Your business will be judged on how you respond to the hack as much as on the hack itself, if not more so.

The key to avoiding all the above is to act to strengthen your security before you’re targeted.

There are numerous applications, services and devices that can help to stop intrusions into your network and to proactively search for breaches as they occur. Be sure that you’re considering using them.

(This blog post was first published on the SmartCompany website on September 29 2011).