AbleToTrain by Willing & Able

What to do if your company has been compromised

You might be here as a result of the unimaginable, therefore let’s get right along with this, step by step:

  • Rapid confinement.

  • Make stakeholders aware.

  • Let law enforcement know.

  • Put your catastrophe recovery plan into action.

  • Investigate and foresee.

Unusual user account behavior, poor speeds, an unexpected increase in DNS traffic, and/or suspicious emails with peculiar attachments may be early warning indicators. A supplier might alert you or a coworker to a problem with the supply chain code, or you might get a pop-up telling you that ransomware has infected your computer. Whatever they may be, take immediate action. Hopefully you have already prepared for this, so start by opening your disaster recovery plan. Here are some steps you can still take right now even if you don’t have a plan. Speed is important.


Rapid confinement

Secure your network to stop data theft or additional damage. Assemble your business continuity team, IT team, and/or data security provider right now. Change all passwords and access permissions if it appears that credentials have been compromised until this is resolved.

Determine where the security breach originated. You will then have a starting point from which to start your containment and repairs. Was it a drive-by attack where harmful scripts were uploaded to a website by black hat hackers to gain access to private documents? If yes, what information was compromised? What information was given to the attacker if it was a spear-phishing attack? Did a disgruntled former worker start this compromise, and if so, what did they have access to?

Gather evidence when doing containment chores. This could be helpful if speaking with law enforcement, filing an insurance claim, or if criminal procedures take place.

Alert stakeholders.

You might need to inform key parties, including clients, staff members, investors, and other business partners, depending on the situation. To swiftly determine what notification duties you have, you should consult your legal team. When necessary, ask your marketing leaders to assist you in developing suitable internal and external communications.


Let law enforcement know

Depending on where in the world your company is located, you should contact a specific person. But you ought to start with your neighborhood police. They will then tell you where else, potentially even outside of the country, you should report the breach.

You might also need to notify and then follow up with your commercial insurance provider after the crime has been reported.


Put your catastrophe recovery plan into action

The RTO (recovery time objective), which is the amount of time and importance for service level in which a business process must be restored in order to ensure optimal business continuity, is frequently included in a DRP (disaster recovery plan). Priorities and the period of time before any disruption severely impairs regular business operations should be specified in the DRP. It should also include instructions on how to restart, reconfigure, and restore networks and systems.

It should also be printed in a physical form to prevent corruption and contain a list of duties and important persons, including a clear owner. The DRP should include information on your data storage arrangements, including any physical files kept off-site or additional cloud storage, both of which might hasten your recovery time.

Even though it’s far from ideal, if you don’t already have a disaster recovery plan in place, you should try your hardest to start working on it right away. What is the most crucial factor for your company’s operations? What must be restored to operation first? What backup information is safely isolated? dependencies and priorities.