What to do before and after a digital security breach


Josh Mayeux, network defender, works at the Air Force Space Command Network Operations & Security Center which defends against cyber attacks on U.S. Department of Defense communications systems at Peterson Air Force Base in Colorado Springs, Colo. (RICK WILKING/REUTERS)
March 27, 2012

Let’s be honest — if the CIA and major retailers like Zappos can be successfully attacked and breached, it’s likely your business could fall victim to a cyber attack. Most people don’t know small businesses are the more frequent, less publicized subject of attacks.

Reports show that during 2010, most Web sites were exposed to at least one serious security vulnerability. This one vulnerability is enough to lead to a large breach resulting in lost data. This doesn’t mean you should abandon all hope, but rather you should proactively put all of the pieces in place in order to survive and mitigate a potential breach. Now is the time, before the breach, to put your digital security protections and plans in place in order to survive.

Digital security is not a one-time effort. A secure environment a month ago might be wide open today. Here are some tips to help you minimize threats from hackers:

●   Test your Web sites at least every six months. Even the most secure Web site and its underlying systems will age as hackers discover new attack methods. Automated vulnerability scans will be updated to test for these new attack methods. Scan, triage and remediate as needed.

●   Continue to update and patch your system software (e.g., operating systems, SQL). As with aging Web sites, hackers are always finding new holes in, and new methods of attacking, system software. Patches and new versions of system software are frequently released to fix these newfound problems. There is a possibility that your systems have been cataloged by hackers waiting for an opportunity to attack your now vulnerable system as soon as a flaw has been discovered.

●   Educate your staff. As Americans, our attention spans are measured in days, if not hours. Retrain your staff every few months. Remind your staff over and over of the capabilities of social engineers and the potentially disastrous downside of giving away company access information.

●   Recheck your virus and malware installations. Scott Culp, one of Microsoft’s security gurus, has an immutable law of security that reads: “An out of date virus scanner is only marginally better than no virus scanner at all.” Make sure yours are current.

●   Regularly check your system logs. It’s a given that your systems are being attacked every day — system logs help you understand where attacks are coming from and in what form. Some security attacks take days or even months to implement. Frequent log reviews might help you discover and head off one of these persistent attacks.

If a security breach does occur, you and your staff need to be ready to react quickly and decisively.

Here are some tips:

Don’t panic. Carefully consider the nature of the breach, what data (if any) have been compromised and what your next steps should be. A premature release of breach information may cause unnecessary customer panic or, even worse, make you look even more inept when you revise the information you did send out. Take the time to respond with dignity.

Review your system logs to determine how the breach occurred and what information was compromised. A good set of system logs will usually tell the complete story of your breach. (You did turn your logs on, didn’t you?) I would suggest bringing in security experts to review your logs and find out exactly what happened and determine what data were compromised — this is usually pretty complicated stuff.

Repair your systems. While this may seem to be a ‘duh …’ statement, you would be surprised at the number of businesses that take an incredibly long time to repair known vulnerabilities. Also, while repairing the system that was breached, you should take a look at your entire IT world for similar problems — after all, it is probably the same IT staff that handles your entire IT environment.

If required, inform the appropriate financial and legal entities as soon as possible. Depending on your industry, there may be strict requirements for reporting security breaches. Keep in mind the fact that many security breaches become public knowledge as the compromised data are used or sold within the cyber underground — not as a result of company disclosure.

Call your insurance company. Depending on the nature of the breach, you may be covered for some, if not all, of the expenses associated with your recovery. Rather than assume you are on your own financially, I would suggest giving your insurance company a call.

You might also take the time to talk about cyber insurance with your agent — for the next time.

Alan Wlasuk is CEO of 403 Web Security, an Indianapolis-based company that helps small businesses identify and repair Web site vulnerabilities.
