It's happened to you! Your network has been hacked! What do you do next?
First, don't panic! When you have a Data Security Incident, you need to respond quickly, but respond in an orderly and disciplined fashion.
- Have a policy in place to deal with Data Security Incidents that includes a Computer Incident Response checklist.
- Begin documenting the Incident: the type of incident, location, affected system(s), indicators of compromise, and initial detection.
- Analyze the compromised system(s) and document a timeline of the incident. List the compromised systems and data and the extent of the damage. Identify the intruder to the extent possible.
- Identify the vulnerabilities that were used to penetrate the system. Contain the incident to prevent further damage, as appropriate. Isolate the incident to prevent further compromise, and determine whether to cut off the intruder or maintain the link in order to try to identify the intruder.
- Determine whether it is necessary to create a forensic copy of compromised systems for evidential purposes in the event of prosecution or litigation.
- Identify who should be contacted: Law Enforcement, Regulatory Agencies, Stockholders, Board of Directors, other stakeholders.
- Remediate the vulnerabilities that resulted in the intrusion and document the steps taken to reduce the risk of future intrusion.
- Prepare a post-incident report with details of the incident and recommendations for further actions.
Most small businesses don't have a Computer Incident Response policy or checklist. P3iSys can help you create a policy appropriate for your organization that meets your needs without overkill. If your network or a system has already been compromised, we can help you take appropriate actions now. After the urgent needs of the incident are addressed, we can work with you to put in place a policy document and plan for dealing with any future incidents.
If reading this article has alerted you that you need to take some steps but you don't know where to begin, P3iSys can help you put together a proactive plan to reduce your Data Security risk and plan for dealing with incidents should they occur.
The easiest place to begin is with a free preliminary Security Assessment. Send us your information using the form at right and we can help you get started right away!