A little planning goes a long way, especially if you get breached and your data is at risk. It is crucial that your business has an Incident Response Plan in case a breach ever occurs so that the process of remediation goes smoothly. Companies are also required to implement an Incident Response Plan to remain PCI compliant. So what will you do if you suspect a breach?
How can I tell if my network has been breached?
Read these seven telling signs. Look for clues like:
- Your network shows signs of unknown traffic in the payment card environment or from store to headquarters locations
- Unapproved and unknown software, files and devices installed in your network
- Data that’s been inexplicably tampered with or deleted
- You notice unusual after-hours activity in your network
- You find unauthorized new user accounts added to your system
- Your systems are shutting down and rebooting spontaneously
- Your anti-virus software is not working correctly or is being disabled without command
If you notice any of these symptoms, or any of the other breach symptoms noted in Visa’s report “What To Do If Compromised,” it is likely that your network has been breached and precautions must be taken to ensure proper remediation. Also note, breaches can come from an internal or an external source.
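Three of the signs above (after-hours activity, unauthorized new accounts, anti-virus being stopped) can be checked automatically against system logs. The following Python is an added example, not from the original article; the log lines are constructed, and the log format, business hours, approved-account list and the `av-scanner.service` unit name are assumptions.

```python
import re
from datetime import datetime, time

# Constructed sample lines in a simplified syslog-like format (assumption).
SAMPLE_LOG = """\
2024-03-01T10:05:11 pos-01 sshd[702]: Accepted password for alice from 10.0.0.5 port 50122 ssh2
2024-03-02T02:14:07 pos-01 sshd[811]: Accepted password for alice from 10.0.0.9 port 51514 ssh2
2024-03-02T02:16:40 pos-01 useradd[845]: new user: name=svc_tmp, UID=1007, GID=1007, home=/home/svc_tmp, shell=/bin/bash
2024-03-02T02:19:02 pos-01 systemd[1]: Stopped av-scanner.service
2024-03-02T09:30:00 pos-01 useradd[990]: new user: name=bob, UID=1008, GID=1008, home=/home/bob, shell=/bin/bash
"""

BUSINESS_START, BUSINESS_END = time(7, 0), time(20, 0)  # assumed trading hours
APPROVED_ACCOUNTS = {"alice", "bob"}                     # assumed provisioning list
AV_UNITS = {"av-scanner.service"}                        # hypothetical AV unit name

LINE = re.compile(r"^(\S+) (\S+) (\w[\w-]*)\[\d+\]: (.*)$")
LOGIN = re.compile(r"^Accepted \S+ for (\S+) from (\S+)")
NEW_USER = re.compile(r"^new user: name=([^,]+),")
STOPPED = re.compile(r"^Stopped (\S+)")

def find_breach_signs(log_text):
    """Return (timestamp, host, sign, detail) tuples for three of the listed signs."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that do not fit the assumed format
        stamp, host, prog, msg = m.groups()
        when = datetime.fromisoformat(stamp)
        after_hours = not (BUSINESS_START <= when.time() < BUSINESS_END)
        if prog == "sshd" and (hit := LOGIN.match(msg)) and after_hours:
            findings.append((stamp, host, "after-hours login", f"{hit[1]} from {hit[2]}"))
        elif prog == "useradd" and (hit := NEW_USER.match(msg)):
            if hit[1] not in APPROVED_ACCOUNTS:
                findings.append((stamp, host, "unapproved new account", hit[1]))
        elif prog == "systemd" and (hit := STOPPED.match(msg)) and hit[1] in AV_UNITS:
            findings.append((stamp, host, "anti-virus stopped", hit[1]))
    return findings

if __name__ == "__main__":
    for finding in find_breach_signs(SAMPLE_LOG):
        print(" | ".join(finding))
```

A finding here is a prompt to investigate, not proof of compromise: a late shift or a newly hired employee produces the same log lines.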
I have identified signs that my network has been breached. What do I do now?
There are a few steps that must be taken if your network is showing signs of a breach. The first step is to disconnect and contain. Disconnect any devices that you feel may have been compromised from your network as well as from the internet, but do not power them down. Powering down suspicious devices may erase any malware held in the device’s memory and make tracking more difficult. Try to preserve evidence and attempt to contain the breach so that no more data can be compromised.
Some important steps you must take are to:
- Notify law enforcement, affected businesses (like your bank or processing company) and affected individuals. It is important to notify these parties in a timely manner so that remediation measures can be taken quickly and so that affected parties are not left unaware of the situation.
- Notify federal authorities immediately about your breach. This could help buy you more time to deal with the situation.
- Never try to hide a breach. It will only hurt your reputation further if it is discovered that your business attempted to conceal this information.
- Investigate your network to determine the source and scope of the breach. Some banks or processing companies may require a PFI (PCI Forensics Investigator) to perform an investigation of your business, usually depending on the severity of the breach. If this is not required, complete some form of investigation so that the source or sources of the breach can be determined and fixed. Provide written documentation of the events and findings for yourself and for your processing company or bank, if required.
- Remediate as quickly as possible to prevent further data compromise. Immediately begin fixing issues that were found by a PFI, by your external source, or in your own investigation. Also, determine other sources of vulnerability so that those issues will be resolved before hackers have a chance to strike again.
What can I do to prevent a breach from happening again?
One of the best ways to prevent a breach is to eliminate common gaps that make your network vulnerable to invasion. Some of the most common gaps include:
- Lack of monitoring and alerting
- Lack of segmentation in network
- Lack of internal system scanning
- Lack of logging
- Lack of consolidated reporting
- Missing and outdated security patches
- Inadequate access control and vulnerable remote access control
If you identify these or any other gaps in your network, contacting a reliable resource with experience in similar situations, including breaches, can help your organization maintain network security and better prevent future mishaps.
It is extremely important for your company to know how to handle the threat of a breach before it happens. Knowing the procedures of breach detection and remediation will ensure that if a breach occurs, your company is able to contain and move rapidly toward fixing the problem. In a breach situation, every second matters.
The smarter way to deal with the possibility of a breach is to prevent it in the first place. Money spent safeguarding and addressing gaps is well worth it compared to the headaches and hassles of a breach, and the expenses that go along with it. Prevention is better than a cure, since there is the possibility of your business not even surviving a breach.
Call Omega ATC at 636-557-7777 to help identify and address compliance gaps in your retail environment or email firstname.lastname@example.org.