The likelihood of surviving a data breach depends on how quickly you can spring into action. And that metric is measured in minutes, not hours or days.
You need to be able to answer crucial questions as quickly as possible so you can react and mitigate the damage to your network and your reputation.
Most notably, there are five major questions that you need to be able to answer as quickly as possible. Think of them as the 5 W’s of a data breach.
What the heck just happened? What will we tell our customers or our shareholders? What will we do next? What will this mean for our future?
To answer the what, you need to answer the other 4 W’s first.
Where exactly is your security vulnerability and where did this attack take place?
Your IT staff needs to completely and thoroughly identify this area of weakness, come up with a plan to reinforce it, and ensure this doesn’t happen again.
Did this happen because of an issue with your hosting company? In many cases, identifying and solving data center problems is the most logical place to start when looking at a hack.
Or was the problem one of human error?
Without playing the blame game, you need to know who was responsible for this data breach. The reality is that human error is responsible for 63% of data breaches. Your employees are still your greatest vulnerability.
This attack could have come as a result of a member of your sales team opening the wrong attachment, or using the wrong unsecured wireless network when they were working on the road.
This is not meant to be a witch-hunt. This exercise is to identify what happened so you can advise your team on how to make sure it never happens again.
When exactly did this breach take place? This can be a rather humbling and eye-opening answer for you. Most businesses don’t know they’ve experienced a data breach for at least 100 days.
Knowing exactly when the attack took place can help you figure out how far the damage has likely spread.
Why were you hacked? Hollywood would have us believe that most data breaches are the result of high-level corporate espionage, or a former disgruntled coworker looking to bring you down.
However, in reality, most attacks take place without any sort of malice or personal motivation. A hacker went after you because they saw an open door they could walk through.
The How is often included in most W5 lists, and it’s certainly relevant here. More specifically, how you plan to make this right.
You need to do something to keep your customers. For example, if you are a mobile carrier, you might consider a few gigs of free data for all your impacted customers as a way of saying sorry.
Understanding the specifics of the hack is paramount to starting the recovery process. You can’t very well assure your customers, shareholders or stakeholders that this will never happen again if you’re not sure of the who, what, where, when, or why of this attack.
These questions need thorough answers before you can move forward and rebuild.