Cygilant Blog

7 Things to Do Immediately After a Security Breach

Posted by Kevin Landt on Sep 8, 2015

Dealing with a security breach is like a police officer drawing his or her gun: in all likelihood, you’ll go your whole career without having to do it. But regardless of the unlikelihood, you need to be prepared.


We have come up with seven steps you should take if ever you discover you have been hacked and your company’s data has been compromised.

  1. Tell your customers, employees and partners. Nothing says “we have something to hide” quite like hiding something. Tell people what is happening as soon as it is safe to do so. Give as many details as you can without compromising yourself further: what happened, when, to whom, what you are currently doing and what you will be doing in the future to address this and protect your customers. Don’t forget, a breach is going to cost you money. But a delay in reporting this breach will cost you more, as companies from Kaiser Permanente to ChoicePoint have discovered.

  2. Implement the relevant parts of your security plan. Each security plan should have an incident response section. Don’t panic. Keep calm and consult that section; it should walk you through the major actions you’ll need to take. Because it’s part of your security plan, all of your employees should be on the same page as you go through this process. This is critical, and the time for creating, distributing and enforcing a security plan is long before it’s needed.

  3. Survey the extent of the problem. Immediately assess the breadth and depth of your losses. What happened? What was taken? What was destroyed? Your security tech should feature dynamic threat detection software and your IT crew should understand the architecture of your company’s digital world. If you do not have a dedicated crew, hire a company whose bread and butter is threat identification and elimination.

  4. Isolate your network. It might be tempting to isolate only the part of your network that appears affected, or to work on the fly. But networks are interrelated systems, and keeping your e-commerce going for an additional 10 hours is not worth the risk that the malware active in your system will spread.

  5. Call the cops. The FBI, the U.S. Department of Homeland Security, and Interpol’s cybercrime division take hacking extremely seriously. The black market for everything from proprietary software to exploits is thriving in what is known as the “dark net.” There are entire online marketplaces that function as digital chop shops. Reporting is not just necessary to help solve the crime of who hit you; it’s also integral to keeping banned technology away from groups and even nations that are forbidden from having it. You don’t want to be the reason a criminal hacking gang is breaking into every PayPal account or now has access to every network that uses a certain type of server.

  6. Test your fix. Once you’ve fixed your breach, try to breach your fix. Get your best tech people together and test the ruggedness of your repair. The last thing you want (well, besides getting hacked in the first place) is to announce your site is safe and then see it go down again.

  7. Call your lawyers. You were the custodians of the data that has been compromised. But you are unlikely to be the sole owner. When you understand the nature and scope of the breach, bring legal into it. Hopefully, you can establish that you took every reasonable step to secure the data with which you were entrusted.

Of course, the key to avoiding this in the first place is having a robust system in place. If you want additional counsel on security processes, we can help. EiQ’s software puts systems, protocols, and personnel in place to detect and deter threats before they become a breach.




Top photo credit: solarseven/Shutterstock
