Dealing With a Data Breach: What to Do if Your Server Is Compromised
Has your business recently suffered a cyber-attack? Don't panic. With this response guide, you can minimize the damage you suffer - and prevent a second attack.
It's news no server owner ever wants to hear. There was a flaw in your security - and somehow, a criminal managed to sneak their way in. Your business's information has been compromised - and very likely fallen into unsavory hands.
Ominous, isn't it?
If the rash of data breaches we've heard about in the news lately is any indication, cybercriminals are getting craftier. That should come as no surprise - as we store more and more information online, the payoff for successfully cracking a server is getting higher and higher. From the perspective of a server owner, that means that you need to do everything in your power to keep your data safe.
Unfortunately, that may not always be possible. Eventually, someone might make a mistake. Eventually, circumstances beyond your control may compromise your server. When the time comes, how you handle yourself could be the difference between a minor controversy and an unmitigated catastrophe.
Step One: Keep Calm And Investigate
Once you've been made aware that some of your data might be compromised, the absolute best thing you can do is investigate. Don't panic, and don't immediately notify your customers and clients. A 2010 study carried out by Symantec revealed that going public with a breach the moment it happens is actually one of the worst things you can do. If you think about it, that makes sense - if you go around screaming at everyone that there's been a breach without knowing what was lost, most people are going to assume the worst.
What that translates to is a whole ton of lost customers - and lost revenue, as well.
Step Two: Take Action As Soon As You Can
Your next step after determining what went wrong (and how much information was stolen) is to take action to prevent the breach from happening again. If there was a vulnerability, patch it. If there was a glitch, fix it. If it was the result of employee error, well...
Chances are pretty high that someone's going to be looking for a new job.
Step Three: Tell People About It
Once you've figured out the finer details of the breach - how it transpired, what data was compromised, and who's going to be affected by it - you can finally go public. Be as transparent as humanly possible here. Don't try to sugarcoat what happened, and don't hide anything from your clients.
Tell them exactly what happened, why it happened, who may have had their data stolen, what you're going to do about the stolen data, and how you're going to prevent this from happening in the future. Yes, that's probably going to be an uncomfortable message to write, but it needs to be sent out. If you try to worm your way out of responsibility, you'll make things worse than you would have by panicking.
Step Four: Offer Reparations
With everyone aware of what happened, the next step is probably the most uncomfortable - but it's nevertheless necessary. You need to figure out how you're going to make it up to your customers. It goes without saying that you need to offer some form of compensation to the people impacted by the breach, in order to take the first steps towards repairing your organization's damaged reputation. What you offer your clients - and how you deliver it - is entirely up to you.
Oh, there's one more thing to cover before we wrap this up. If it turns out you've failed in your duties to keep your data safe and secure, you may need to contact your legal department. A lawsuit could be on the way (or worse, a federal investigation).
Step Five: Prevent It From Happening Again - But Be Prepared In Case It Does
Finally, with whatever vulnerability caused the breach (presumably) patched and your clients fairly compensated for their troubles, it's time to review how you handled things this time around. Are there any security policies that need to be reworked? Did you catch the breach in time, or do you need to adjust your monitoring system?
This review process is honestly the most important step in this guide. See, ultimately, the best way to deal with a breach is to be prepared for one. By ensuring you've a reasonable process in place, you'll be far better equipped if and when your data is compromised again.
Follow Matthew Davis on Twitter