What Should You Do If Your Network Is Compromised?

July 30th, 2012

Back in June, 6.3 million passwords were reported stolen when a hacker was able to access LinkedIn’s servers. The news made headlines instantly and everyone in the office (and online) was talking about it. Clearly this is a public-relations nightmare for the company and one that will, for sure, have a ripple effect for months, possibly years, as they deal with the fallout from their clients and potential lawsuits.

What’s scary about this type of attack—or any major security breach at a big company—is that if it can happen to them, it can certainly happen to YOU. Although I’m not privy to LinkedIn’s security procedures, I’m sure they don’t take it lightly and have most likely invested a BIG chunk of change to keep their data secure, money that the “average” small business owner could never logically afford to spend. So IF this happened to your company, what should you do? How do you avoid a massive PR mess, the loss of both sales and the trust of your clients, and even potential lawsuits?

The first step is to identify what type of attack it is and which machine(s) were affected, so you can contain the damage done (or being done) as quickly as possible and protect your assets. Naturally, you should consult with a professional security expert (like us) to make this containment happen as quickly as possible to “stop the bleeding.”

Next, you’ll want to notify any and all parties affected as fast as possible. In the LinkedIn attack, they immediately notified the subscribers affected by forcing a password reset. The faster you can react to this, the better your chances are of limiting the damage done. We’re not legal experts here but we would encourage you to talk to an attorney about the breach and about what you need to do in terms of making a public announcement as quickly as possible—particularly if a security breach exposed your employees, subscribers or clients to a cyber-criminal. In some cases where medical or financial information is involved, you may be required by law to report the incident not only to your clients, but also to authorities.

Of course, you can’t saw sawdust, which simply means there’s nothing you can do to undo a security attack. Beefing up security AFTER the fact is good, but a better strategy is to avoid being complacent to the point of being negligent. After all, if a security attack happens and it’s due to a simple security measure you could easily have put in place, it looks really bad.

If you’re an XperCARE client, you can rest easy knowing we’re monitoring your network against such attacks to limit your risks and prevent you from being low-hanging fruit for hackers. If you’re not an XperCARE client, call 410-884-0225 for a FREE Network Security Assessment to see just how secure your network REALLY is, and to find out how we take care of this for you.