KEY STEPS FOLLOWING A DATA BREACH
Introduction

This document provides key recommended steps to be taken following the discovery of a data breach. It is not an exhaustive guideline and should not replace legal advice on the required steps and regulatory measures; rather, it is a suggested checklist of steps to consider in the process of dealing with a data breach.

What is a Data Breach?

A data breach is any instance in which personal information, or other information not suitable for public release, is accessed or released without authorization. This definition applies regardless of whether your organization stores and manages its data directly or through a contractor, such as a cloud service provider. Data breaches can take many forms, including:
»» hackers gaining access to data through a malicious attack;
»» lost, stolen or temporarily misplaced equipment (e.g., laptops, mobile phones, portable thumb drives);
»» employee negligence (e.g., leaving a password list in a publicly accessible location, technical staff misconfiguring a security service or device); and
»» policy or system failure (e.g., a policy that doesn't require multiple overlapping security measures: if backup security measures are absent, failure of a single protective system can leave data vulnerable).

Initial Steps: First 24 Hours

»» Record the date and time when the breach was discovered, as well as the date and time when response efforts begin.
»» Define the chain of command within the organization and the scope of each role's authority with respect to managing the incident.
»» Alert and activate everyone within the organization who is in charge of managing the incident.
»» Establish a privileged and dedicated reporting and communication channel. Assume the attacker may still be able to read the compromised systems, so do not coordinate the response over them.
»» Stop additional data loss by isolating the impacted systems and services. This can prevent the attack from expanding and possibly completing its mission.
The isolation will also prepare the system for forensic analysis. Prefer disconnecting the system from the network over powering it off: a shutdown destroys volatile evidence (memory contents, running processes, active network connections) that the forensic investigation will need.
»» Document everything you do and everyone you talk to in regard to the breach: who discovered it, who reported it, to whom it was reported, who else knows about it, what type of breach occurred, what was stolen, how it was stolen, what systems are affected, etc.
»» Interview those involved in discovering the breach and anyone else who may know about it.
»» Review the protocols for distributing information about the breach with everyone involved at this stage.
»» Assess priorities and risks based on what you know about the breach (e.g., the number of people suspected to be affected, the type of information compromised). Make sure these decisions are made by the appropriate managers.
»» Engage a forensics firm to begin an in-depth investigation. It is critical to identify the scope and root cause of the incident, and to take immediate steps to prevent further damage, by conducting digital forensic analysis and preserving evidence.
»» Engage legal counsel who specializes in data breach incidents and determine your legal, contractual and insurance notification obligations.
»» Preserve all affected system log files, including firewall, VPN, mail, network, client, web server and intrusion detection system logs. These logs are critical for establishing the origin of the attack, its duration and the volume of data exfiltrated during the breach. Act quickly, since routine log rotation can overwrite them within days, and record the integrity of every copy at collection time (e.g., a SHA-256 hash, the collector and a UTC timestamp) so that the evidence and its chain of custody hold up later.
»» Warn employees of social engineering attempts. The breach is often only the beginning of a stream of fraudulent activity, such as phishing emails and impersonation schemes. Be alert to any suspicious queries from third parties, such as customers and contractors, that could be related to the breached data (e.g., customer service requests concerning passwords or private data, phishing attempts).
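The log-preservation step above, shown as an added example that is not part of HFN's checklist: a small Python helper that copies the logs an investigation needs into an evidence directory, records a SHA-256 hash, size, collector and UTC timestamps for each copy in a manifest, and can later re-verify that no preserved copy has been altered or lost. The log lines, the host name web01, the analyst name and all paths are constructed for the demonstration.

```python
"""Log preservation with an integrity manifest (added example, not HFN's code).
All host names, analyst names, paths and log contents are constructed."""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

# Constructed sample log lines (203.0.113.0/24 is a documentation address range).
CONSTRUCTED_LOGS = {
    "auth.log": "Mar 03 02:14:07 web01 sshd[2211]: Accepted password for deploy "
                "from 203.0.113.45 port 51822 ssh2\n",
    "access.log": '203.0.113.45 - - [03/Mar/2020:02:15:31 +0000] '
                  '"GET /export/customers.csv HTTP/1.1" 200 4821033\n',
}

def sha256_file(path):
    """Hex SHA-256 of a file, read in 64 KiB chunks so large logs fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def preserve_logs(sources, evidence_dir, collector, host):
    """Copy each source log into evidence_dir and write manifest.json.
    The original is hashed before the copy and the copy after it; a mismatch
    (e.g. a log rotated mid-read) raises instead of silently entering the
    evidence set. Copies are numbered so same-named files from different
    hosts or directories do not collide."""
    os.makedirs(evidence_dir, exist_ok=True)
    entries = []
    for i, src in enumerate(sources):
        original_hash = sha256_file(src)
        dst = os.path.join(evidence_dir, f"{i:03d}_{os.path.basename(src)}")
        shutil.copy2(src, dst)  # copy2 keeps the source mtime on the copy
        copy_hash = sha256_file(dst)
        if copy_hash != original_hash:
            raise RuntimeError(f"{src}: copy does not match original, re-collect")
        entries.append({
            "host": host,
            "original_path": os.path.abspath(src),
            "evidence_path": dst,
            "sha256": copy_hash,
            "size_bytes": os.path.getsize(dst),
            "source_mtime_utc": datetime.fromtimestamp(
                os.path.getmtime(src), timezone.utc).isoformat(),
            "collected_utc": datetime.now(timezone.utc).isoformat(),
            "collected_by": collector,
        })
    manifest = {"created_utc": datetime.now(timezone.utc).isoformat(),
                "entries": entries}
    with open(os.path.join(evidence_dir, "manifest.json"), "w") as f:
        json.dump(manifest, f, indent=2)
    return manifest

def verify_evidence(evidence_dir):
    """Re-hash every preserved copy; return the evidence paths that are missing
    or no longer match the manifest (an empty list means the set is intact)."""
    with open(os.path.join(evidence_dir, "manifest.json")) as f:
        manifest = json.load(f)
    broken = []
    for entry in manifest["entries"]:
        path = entry["evidence_path"]
        if not os.path.isfile(path) or sha256_file(path) != entry["sha256"]:
            broken.append(path)
    return broken

def demo():
    """Run the flow on the constructed logs in a temporary directory; return
    (mismatches before tampering, mismatches after tampering)."""
    work = tempfile.mkdtemp(prefix="breach-evidence-")
    try:
        src_dir = os.path.join(work, "var_log")
        os.makedirs(src_dir)
        sources = []
        for name, text in CONSTRUCTED_LOGS.items():
            path = os.path.join(src_dir, name)
            with open(path, "w") as f:
                f.write(text)
            sources.append(path)
        evidence = os.path.join(work, "evidence", "web01")
        preserve_logs(sources, evidence, collector="ir-analyst", host="web01")
        before = verify_evidence(evidence)  # intact set: []
        # Simulate someone editing the preserved copy of access.log.
        with open(os.path.join(evidence, "001_access.log"), "a") as f:
            f.write("tampered\n")
        after = verify_evidence(evidence)  # the altered copy is reported
        return before, after
    finally:
        shutil.rmtree(work, ignore_errors=True)

if __name__ == "__main__":
    print(demo())
```

In a real engagement the manifest should be written to separate, write-once storage (and ideally signed) rather than kept next to the copies, since whoever can edit the evidence could otherwise edit the manifest to match. The helper covers files only; memory images, running processes and live network connections need dedicated forensic tooling.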
Additional Key Steps

Fix the issue that caused the breach and prevent further possible damage, including:
»» Identify the specific customer accounts, systems or records that may have been subject to the breach and implement special monitoring of them.
»» Confirm that anti-virus, DLP, personal firewalls and other agent-based tools are configured correctly and are not being remotely disabled by malicious actors over the Internet.
»» Locate outdated services or unpatched systems (such as outdated web servers). A known vulnerability in exposed software can let attackers into the affected systems without needing any authentication credentials.
»» Put clean machines in place of affected ones.
»» Change all of your passwords, and use a different password for each account and service. Use strong passwords and, where available, multi-factor authentication. Rotate credentials only once the attacker's access has actually been cut off; otherwise the new credentials may simply be captured in turn.

Work with Forensics:
»» Determine whether any countermeasures, such as encryption, were enabled when the compromise occurred.
»» Gather system memory, running processes and open ports from all affected systems, as well as network traffic logs. Also analyze backup, preserved or reconstructed data sources.
»» Monitor hacker forums and communities, the dark net and deep web, file-sharing portals, key-logger dumps and malware logs (using web crawlers where practical) for information about cyber-attacks against the company, claims of data leaked from it, and offers to sell stolen data belonging to it.
»» Match the compromised data to customer names and addresses for notification purposes.

Comply with legal obligations:
»» Revisit the regulations governing your industry and the type of data lost (e.g., is this data considered "private data" or "sensitive data"? Is your service subject to a specific regulatory framework?).
»» Determine, after consulting your lawyer, whether the data breach must be notified, and if so how, to whom and when. The countdown starts the moment a breach is discovered, but notification may be delayed in some cases, depending on the type of data breached, encryption protections and the status of the investigation.
»» Obtain a legal document that analyzes the data that has been breached and concludes on the legal implications of the breach.

Report to upper management:
»» Compile breach reports daily for upper management. The first report should include all of the known facts about the breach as well as the steps and resources needed to resolve it.
»» Provide an overview of priorities and progress, as well as updated problems and risks. Keep in mind that damage caused by data breach incidents often becomes visible only after several days or even weeks.
»» Make the executives aware of any upcoming business initiatives that may interfere or clash with the response efforts.
Ongoing Future Steps to Prevent Data Breach Reoccurrence

»» Establish and implement a written data breach response policy.
»» Assemble an internal incident response team, well-versed in privacy and security matters, that can take the lead in handling the response should you experience another breach in the future. The team should include representatives from IT, security, legal, compliance, communications and customer service, and a member of the executive management team.
»» Consider hiring a pre-selected data breach resolution vendor in order to manage the cost of a data breach and to choose protection products for the individuals affected by the breach.
»» Continuously monitor for leakage and loss of personal information and other sensitive data.
»» Review your information system(s) and data and identify where personal information and other sensitive information resides. Establish a comprehensive vulnerability management program that helps the company understand its security posture while minimizing risk where possible. This includes regularly attacking your own network (external penetration testing) to find holes in the security posture.
»» Encrypt private and sensitive data, especially credit card numbers. Encrypted data is of far less value to an attacker, provided the keys are kept separate from the data and are not exposed in the same breach. Note that card-industry rules (PCI DSS) do not permit storing debit card PINs after authorization at all, so the right control for PINs is not to retain them.
»» Put effective vulnerability scanners in place to locate vulnerabilities and provide steps for remediating them.
»» Train personnel in cyber awareness and data breach response, including safely taking infected machines offline, avoiding phishing scams and identifying suspicious activity. Employee education on social engineering and fraud (e.g., spear-phishing campaigns) must be ongoing and consistent.
»» Refresh authentication for employee access to data, systems and servers. Clear authentication management should be in place to limit the impact of compromised employee credentials.
»» Consider cyber and data breach insurance. Cyber insurance can help you respond to, and minimize the damage of, a data breach or cyber-attack.
HFN Cyber Team Practice

HFN's Cyber team has extensive knowledge and experience in advising companies in the complex regulatory areas surrounding Cyber-related services and risks. HFN's lawyers work in dedicated teams possessing vital regulatory skills to provide specialist Cyber-related advice in the following areas: compliance, regulatory and commercial matters; strategic and regulatory review of the implementation of the regulatory framework applicable to various financial, communication and critical resources companies; and assisting companies with preparing and implementing procedures for Cyber-related incidents.

The department has expertise in:
»» Compliance and strategic advice to companies developing Cyber security products and services, with regard to compliance and regulatory issues concerning the product
»» Compliance monitoring and check-ups: reviewing procedures and products of partners and partnerships, assisting in monitoring the activity and providing advice on decreasing the applicable risks and responsibilities
»» Legal advice and practical guidelines addressing Cyber incidents, including internal procedures, regulatory and corporate approvals, and incident management
»» Legal advice and practical guidelines addressing applicable standards, policies and legislation that may apply to various financial, communication, security, data and critical resources companies
»» Drafting, reviewing and updating all applicable legal documentation
»» Drafting and reviewing agreements with third parties, including licensing agreements
»» Advice on export and import limitations, security and homeland-security aspects
»» Assistance with investment promotions and filing for Chief Scientist grants
»» Advising on cyber insurance and financial structuring
»» Advising on all related IP issues

The HFN Cyber team is led by lawyers with unique practical and regulatory expertise in the Cyber field, including Dr. Nimrod Kozlovsky, Ariel Yosefi, Daniel Reisiner and Dr. Avishay Klein.
HFN Cyber Team Contacts

Ariel Yosefi, Partner
Tel: +(972)-3-692-2825
Fax: +(972)-3-696-6464
yosefia@hfn.co.il
www.hfn.co.il

Dr. Nimrod Kozlovsky, Senior Advisor
Tel: +(972)-3-692-2884
Fax: +(972)-3-696-6464
kozlovskin@hfn.co.il
www.hfn.co.il

Asia House, 4 Weizmann St., Tel-Aviv 6423904, Israel
Tel: (972)-3-692-2020
Fax: (972)-3-696-6464
hfn@hfn.co.il
Twitter: @hfnlaw
Blog: unfolding.co.il
www.hfn.co.il