Recovering from a data breach
Businesses and individuals alike need to fortify defences
Published: 11 Apr 2023 at 04:00
newspaper section: Business
writer: Yeo Siang Tiong
The trend of personal data leaks is likely to continue as our personal and work activities become increasingly digitised. Even though such leaks directly influence individuals' privacy, corporate cybersecurity is put at risk as well.
People often use work email addresses to register with third-party websites, which can be exposed to a data leak. When sensitive information such as email addresses becomes publicly accessible, it may pique the interest of cybercriminals. They in turn might plot potential attacks on the organisation on dark net websites. Additionally, the data can be used for phishing and social engineering.
Any organisation today has to "assume breach", from the smallest company keeping an offline backup away from the office to the largest enterprise looking to implement an advanced defence solution stack. This is because the cost of a data breach includes not only the financial consequences of dealing with recovery after an attack, but also reputation damage and loss of business continuity.
Kaspersky experts offer the following checklist to ensure a business can get back on track sooner and to strengthen IT security operations after a data breach:
1. Assess the situation: Assess the breach's risk to customers. Risk assessment lets you decide the next steps, including whether to report the breach. If it is a high risk to customers, you must inform them without undue delay.
2. Keep your CISO: Unless the incident can be directly attributed to an irreversible failure on the part of the chief information security officer (CISO), don't fire them to appease customers or shareholders. Your CISO will have the experience and knowledge you need to see you through this issue.
3. Be transparent and helpful: Don't try to cover up the breach or hide details from those affected. When you tell customers what happened, give them advice on what to do next.
4. Make sure you notify everyone affected: If you're processing data for other organisations, don't forget to tell them about the breach. They will have steps they must take too.
5. Document everything: Document every data breach, even if you don't have to report it. Record what happened, the steps you took and why the breach was reported or not reported.
6. Invest in building a cyber-aware culture: Strengthen cyber-awareness training for all employees. This can help them work together more effectively in the face of cybercriminals, and appreciate the difficulties the security team faces keeping the organisation safe.
7. Plan your recovery strategy: The best time to prepare for your recovery from a breach is before it happens. Take one step today: for example, start to look at how your organisation would detect a breach, or how you can test the detection capabilities you have.
Kaspersky experts also suggest deploying a comprehensive defensive concept that equips, informs and guides your team in their fight against the most sophisticated and targeted cyber-attacks.
For individuals, below is a step-by-step guide detailing all of the measures you'll need to take if you believe you've been a victim of a personal data breach.
1. Figure out what data was breached and check for updates: If you have received a notification from a company stating that your information may have been exposed, or perhaps you saw information about a leak in the media, you should check with the company and ask them what type of information that includes. The most common forms of stolen personal data are name, email, password, phone number, ID number, address and credit card information.
2. Update any exposed credentials: Change your password right away when in doubt. If you have reused your password on multiple sites, it is important to update all logins and follow good password hygiene. In general, it is best practice to have multiple passwords that are updated regularly (every three to six months). Use a password manager to keep track of everything.
3. Sign up for two-factor authentication: Double your online security by signing up for two-factor authentication (2FA) wherever the option is available. It is an extra level of security for your online accounts that requires you to enter an additional piece of identifying information.
4. Monitor all of your accounts: One set of exposed credentials can be easily cross-checked across many different websites, social media pages and subscriptions or memberships. It is important to watch for any strange activity in your accounts, such as new purchases, password changes and logins from different locations.
5. Protect your financial privacy: If payment information was leaked as part of a data breach, you should ask your bank to lock or pause your card(s) right away and send you a replacement. If your financial details have been exposed and you have seen changes, you should take steps to freeze your credit. There is no cost incurred for doing this and it will prevent malicious actors from opening new credit accounts in your name.
Yeo Siang Tiong is the general manager for Southeast Asia at Kaspersky.