Published on December 29th, 2015 | by Guest
0Be an IT Detective: Recognize a Data Breach in Your Business
When a business suffers a data breach, it can result in more than financial losses. It can mean lawsuits, penalties, and a loss of reputation, as well. Not only do businesses tend to be careless when it comes to securing themselves against data breaches, though, they tend to be unaware of data breaches even once they occur.
It isn’t uncommon for businesses to discover data breaches months after the fact when they third-party security companies studying the breaches get in touch with them. In some cases, information tends to come in from the government, who detect to hacking attempts by enemy states.
One study finds that it takes in the average small business 200 days to discover a data breach. It’s plenty of time to allow a hacker access to sensitive company and customer information.
While any business owner is likely to admit that it’s a highly undesirable state of affairs, how does one know? What kind of observation and monitoring should one put in place? It’s important to learn about the key indicators. Data breaches are hardly uncommon and small businesses, after all. According to the experts at Sec-Tec.co.uk, nine out of ten data breaches to happen to tiny businesses.
Setting up antivirus and firewall software correctly
Enterprise-grade antivirus and firewall can detect many kinds of breach, even if they may not be able to stop them. Unfortunately, many businesses set up such software incorrectly. When a breach is detected, security teams are often unable to find long-term logs, because they tend to be turned off. Correctly configured software can be vital to accurate detection and to the investigations that follow.
Hiring an in-house incident response (IR) expert
IR experts are able to deploy special software and systems that study data traffic for unusual patterns that could indicate compromise. For instance, businesses tend to have both workstations and servers, and these appliances tend to demonstrate signature behaviours.
It is usual for both workstations and servers to exchange data with other servers over the course of daily operations. When a business workstation gets in touch with outside workstation, though, it’s an unusual event, something that only happens in the event of a hacking attempt. Setting up software to detect such activity can be a good way to detect a data breach.
These methods can only alert a business to the potential for suspicious activity. Once suspicion is aroused, it takes considerable study by security experts to determine the level to which business data has been compromised. In one commonly used way, they place the servers and workstations at a business on lockdown and check all data transfers to understand where they come from.
Experts also use memory forensics, a technique where snapshots of all stored data in the RAM of a workstation or server help paint a picture of attacks that have happened.
What happens after a data breach is detected?
As a general rule, bringing in experts as early in the process as possible helps keep costs to manageable levels. It’s important for the business itself to protect the interests of its clients, though. It’s always a good idea to contact clients, and to be upfront about the problem. In most cases, it’s important to get in touch with a legal expert. Privacy laws require businesses to notify everyone affected in many cases.
It can help to get data breach insurance, and also pay a data security firm for data encryption.
About the author:
A vulnerability assessor within the cyber security industry, Leo Garner writes for a variety of business and tech related blogs sharing his knowledge.