Being the victim of a suspected breach or hack can be frightening and confusing. Your two priorities are to prevent further data loss and to avoid destroying evidence. If you decide to take your systems offline, these are the steps you must take:
- Disconnect: Disconnect the affected systems from the internet (unplug the uplink or disable the external interface) so that data can no longer be exfiltrated. Do not power the devices off (see Segregate below).
- Document: Keep a written record of every network change, the dates and times of notifications, and everyone involved in handling the breach.
- Segregate: Isolate every device in the payment process, and any other device suspected of being compromised, from the rest of the network. Leave those devices powered on; shutting them down destroys evidence held in memory.
- Quarantine: Quarantine files flagged as malware rather than removing or deleting them. Again, they are evidence.
- Preserve: Safeguard the firewall configuration and the firewall logs, and preserve all system and security logs.
- Restrict: Limit internet traffic to business-critical servers and ports only, and to systems outside the card-processing environment.
- Disable: Disable (do not delete) remote access capabilities and wireless access points. Also disable non-critical accounts and change all passwords.
- Call a PFI: A PCI Forensic Investigator (PFI) can run a compromise analysis for you. The resulting report shows exactly what went wrong and how to keep it from happening again.
If, on the other hand, you choose to keep your systems up and running while a breach is suspected, the list below is the minimum you should do:
- Change passwords immediately.
- Disable remote access.
- Preserve the firewall logs and the current firewall settings.
- If an ecommerce site is breached, preserve any altered pages exactly as found.
- Update your antivirus tools and run malware scans on every device in the cardholder data environment.
- Save the log files.
- Save a copy of the malware and the malware scan logs on a quarantined external drive.
- Document every change with the date and a description of the action taken.
- Engage a security consultant to preserve the compromised environment for the later breach review.
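Several items in both lists above (preserve firewall and system logs, save a copy of the malware rather than deleting it, document every action with a date) come down to one routine: copy the artefacts somewhere safe without touching the originals, prove later that the copies were not altered, and keep a dated record of who did what. The script below is an added example, not code from the original article or from any PCI programme. It preserves a directory tree into a timestamped evidence snapshot, writes a SHA-256 manifest for the copies, appends a chain-of-custody line, and can re-verify a snapshot. The directory names, the operator name and the sample log and "malware" contents are constructed for the demonstration; on a real host you would point it at the firewall export, /var/log and the quarantine folder, and at an evidence directory on a mounted quarantined drive.

```shell
#!/bin/sh
# Added example: evidence preservation for a suspected breach.
# Not from the original article. All paths and sample data below are assumed
# values for the demo; substitute the real log and quarantine locations.

# Pick a SHA-256 tool: coreutils sha256sum on Linux, shasum on macOS/BSD.
if command -v sha256sum >/dev/null 2>&1; then
    HASH_CMD="sha256sum"
else
    HASH_CMD="shasum -a 256"
fi

# preserve_evidence SRC_DIR EVIDENCE_DIR OPERATOR NOTE
# Copies everything under SRC_DIR into EVIDENCE_DIR/<UTC stamp>/files, keeping
# timestamps and modes where permitted (cp -p), hashes every copied file into
# MANIFEST.sha256, and appends a tab-separated chain-of-custody line to
# EVIDENCE_DIR/custody.log. SRC_DIR is only read, never modified or deleted.
# Prints the snapshot directory so callers can verify it later.
preserve_evidence() {
    src=$1; evidence=$2; operator=$3; note=$4
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    snap="$evidence/$stamp"
    mkdir -p "$snap/files"
    cp -Rp "$src"/. "$snap/files/"
    # Manifest paths are relative to the files/ directory so the snapshot can
    # be moved to another drive and still be checked.
    (cd "$snap/files" && find . -type f -exec $HASH_CMD {} + | sort -k 2) \
        > "$snap/MANIFEST.sha256"
    printf '%s\t%s\t%s\t%s\n' "$stamp" "$operator" "preserve $src -> $snap" "$note" \
        >> "$evidence/custody.log"
    echo "$snap"
}

# verify_evidence SNAP_DIR
# Re-hashes the copies against the manifest. Returns non-zero if any file
# is missing or has changed since it was preserved.
verify_evidence() {
    (cd "$1/files" && $HASH_CMD -c --quiet ../MANIFEST.sha256) >/dev/null 2>&1
}

# --- Demonstration on constructed sample data (not real logs or malware) ---
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/src/firewall" "$work/src/quarantine"
    # Constructed firewall line and a placeholder standing in for a quarantined file.
    printf '2024-05-01T10:02:11Z DROP IN=eth0 SRC=203.0.113.7 DST=10.0.5.12 DPT=3389\n' \
        > "$work/src/firewall/fw.log"
    printf 'placeholder bytes for a suspicious binary\n' > "$work/src/quarantine/update.exe"
    snap=$(preserve_evidence "$work/src" "$work/evidence" "jdoe" "firewall export and quarantined file")
    verify_evidence "$snap" && echo "manifest verified: $snap"
    echo "custody log:"; cat "$work/evidence/custody.log"
}
demo
```

Run it as an ordinary user to see the snapshot layout; run it as root on the real host so that `cp -p` can also keep file ownership. Keep `custody.log` and the manifests with the evidence drive: the PFI or consultant you engage will want the hashes to show the copies match what was on the systems at the time.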
Breaches are common in organizations that do not prioritize security and fail to bring in IT and cyber security professionals. As important as it is to be prepared for a possible (and likely) breach, it is just as crucial to bring in the right cybersecurity services, or hire staff, to protect your technology, your confidential information and files, and your employees' safety.