Security

Dealing with a Data Breach

Author: Danny Bradbury
Posted: 10 October 2009
Category: Security
Tags: data breach, data loss, notification
It’s the call no-one wants to get: your client has experienced a data breach, and is worried that customer data may have leaked from the business. It is your job to fix the problem as best you can, and give the client peace of mind. There are four key steps in incident management.

Contain and assess
The first step in coping with a breach is to stem the flood of data, and understand how bad the problem is. A client can only find out which information has been compromised if they understand exactly what has happened to their systems. This is why log files are so important. Ensure that you stay informed after the event by maintaining system logs, and by making them easily searchable. Splunk, an IT log search engine, enables you to search through your customers’ logs for suspicious activity that can help you to recreate the sequence of events leading to the breach.

Evaluate the risks
Once you have an understanding of what data was compromised and how, map this information to business risks. You must understand which individuals were affected by the breach, and how sensitive the compromised data was.

Notify the relevant parties
Strictly speaking, your client could avoid notifying victims of a breach, given that there is no law in the UK currently requiring them to do so. But is this a good business move? Better to help your client manage customer relations in a more honest and constructive manner. Notify the affected parties as soon as possible, and tell them as much as you can about the incident, in non-technical terms, without revealing sensitive personal information. Also, notify the Information Commissioner’s Office in the event of particularly serious breaches, in which large numbers of people are affected.

Seal the leaky holes
Now for the clean-up process. Having identified how the breach occurred, you must mitigate the problem with measures that will stop it happening again. This may be as simple as configuring a new firewall rule, or as complex as introducing role-based access control to prevent insider breaches.
Banner

Show other articles by this author

Printable version
Share |
Write comment
security image
smaller | bigger

busy

Download


Subscribe and get the magazine in the post before it's online

Subscribe and get access to all of the back issues

To read a sample eMagazine - March 2010

 
FREE SUBSCRIPTION!
Banner

Advertise

Request a media pack

Latest White Papers

Download

MS-SMB-Report-2009
Microsoft SMB Insight Report (2.2MB)

Because they can respond so quickly as business conditions change,small and midsize companies have an advantage in a volatile and uncertain economic climate".
Steve Ballmer, CEO, Microsoft

Facebook

IT Expert magazine
IT Expert magazine
Promote Your Page Too

IT EXPERT TOP TIP

Are Microsoft hosted solutions actually good for your business? SBS Guy Dave Overton thinks so and he explains why at http://uksbsguy.com/blogs/doverton/archive/2008/07/19/why-microsoft-partners-should-embrace-s-s-and-still-deliver-on-premise-solutions.aspx. Generally, Dave's blog at http://uksbsguy.com/blogs/doverton/archive/tags/Hosted/default.aspx is a great resource for supporting small business clients on Microsoft platforms - if you're wondering how Office Live compares to SBS or how to make money out of SQL Data Services, he has some interesting - through obviously Microsoft-centric-ideas. read more

TAKE THE POLL

Unified communications

Results
Banner

MOST POPULAR STORIES

RECENT FEATURES

RECENT COMMENTS

RSS FEED

livemarks Subscribe to all feeds

livemarks Subscribe to server

livemarks Subscribe to security 

livemarks Subscribe to network

livemarks Subscribe to client

livemarks Subscribe to business       continuity 

livemarks Subscribe to telecoms 

livemarks Subscribe to the business