IT Security Breach. What Now?
So you’ve had an IT security breach. Maybe data has been stolen, passwords have been compromised, or malware has been released and is infecting your network. What now? Syndeo Communications offers a few crucial steps that IT departments need to follow in the event of a security breach.
Evidence: assemble all relevant data for a forensic IT investigation. This can include logs from both servers and infrastructure equipment, data from the last IT security audit and a detailed list of all staff and contractors with access.
Inspect: how widespread is the damage? Staff should work with investigators to find out the magnitude of the breach. All planning for the steps to follow will come from this initial investigation.
Repair or remove: compromised systems need to be fixed to ensure business continuity. Work with investigators to determine whether they require access to infected systems first and, if so, remove those systems from the network.
Replace: tied to the last point is replacement. Should investigators require access to compromised systems, they may need them for some time. Staff will need to get to work building new systems to replace these right away.
Examine weaknesses: are there other systems on the network that are vulnerable to the same attack? These holes need to be closed next.
Review and rewrite: based on this attack, do security procedures and technology policies need to be changed? This is the time to propose upgrades or modifications to the way things are done. Nothing will test an IT department’s existing procedures for both security and disaster recovery quite like a breach.
While the investigators do their job, it’s up to IT to follow these steps to strengthen the data center for the future.
If you are a small or medium-sized business that has suffered a security breach and you do not have a designated support team to address the current risk, contact Syndeo Communications. We are an expert San Diego IT support company that will not only help you through your security disaster but also implement effective measures to prevent an attack from occurring in the future. With our twenty-four-hour, on-site and over-the-phone support options, you can rest assured that your data, information and business are protected.