Cyber Risk Management, Expert Witness & CEO David X Martin, LLC

Was Your Database Hacked? Here's What to Do

Cyber wellness means being proactive in your approach to cyber security – not just reacting after an attack.

Sep 25th 2019

In recent years, we’ve seen our public health systems shift from reactive mode to proactive – focusing on preventing illness rather than just responding to disease outbreaks when they happen. Cyber wellness is about taking preventive steps in multiple dimensions of cyber defense, enabling effective governance in addition to responding to threats and attacks.  

Accounting firms need to:

1. Create Security Incident Response Plans that Consider Both Public Relations and Legal Issues

An incident response plan helps to identify, respond to and recover from cyber security incidents. The objective of an incident response plan is to prevent damages such as service outages, data loss or theft and illicit access to organizational systems. 

An incident response plan is not complete without a team who can carry it out. Team members are the point people for the incident – they’re responsible for communicating with internal partners as well as external parties, such as legal counsel, press, law enforcement, customers and other stakeholders. In order for the incident response team to be effective, they need senior partner support, consistent testing and clear communication channels.

The team needs to develop a response plan that provides a structured process for each of these steps:

• Preparation: Perform a risk assessment and prioritize security issues, identify which are the most sensitive assets and, by extension, which are the critical security incidents the team should focus on. Create a communication plan and prepare documentation that clearly and briefly outlines roles, responsibilities and processes.

• Identification: When a potential incident is discovered, the team should immediately collect additional evidence, decide on the type and severity of the incident and document everything they are doing.

• Containment: Once the team identifies a security incident, the immediate goal is to contain the incident and prevent further damage.

• Eradication: The team must identify the root cause of the attack and take steps to prevent similar ones in the future. For example, if a vulnerability was exploited, it should be immediately patched.

• Recovery:  The team should bring affected production systems back online carefully to ensure another incident doesn’t take place, and then test and verify that affected systems are back to normal.

• Document Lessons Learned:  Investigate the incident further to identify if it could happen again, then take necessary steps to ensure that it won’t.

2. Perform Penetration Testing

Penetration testing — also known as pen testing — views your network, application, device and/or physical security through the eyes of both a malicious actor and an experienced cyber security expert to discover weaknesses and identify areas where your security posture needs improvement. This testing doesn’t stop at just discovering ways in which a criminal might gain unauthorized access to sensitive data or even take over your systems for malicious purposes. It also simulates a real-world attack to determine how your defenses will fare and the possible magnitude of a breach. Such evaluations (perhaps performed by an independent third party) provide insight into your organization’s overall cyber resilience – which is a continuously evolving objective. Pen testing is not just about what’s wrong. It’s also about identifying appropriate trade-offs – because you can’t protect everything.

Comprehensive penetration testing considers several areas: application, networks (including wireless), weak passwords and protocols, and physical barriers, such as sensors and cameras. 

Just as you go to a healthcare provider for an annual wellness checkup, it makes sense to enlist the help of highly trained security consultants to carry out your security testing. While you might think you’re perfectly healthy, a doctor can run tests to detect dangers you’re not aware of. Similarly, the people who put your security program together and maintain and monitor it on a daily basis may not have the objectivity needed to identify security flaws, understand the level of risk for your organization and help address and fix critical issues. Metaphorically speaking, in this ongoing game of cat and mouse, you would be smart to consult with an objective outside cat every so often because the mice are fast and sneaky, always learning, always evolving, inventing new ways to steal your cheese.

3. Perform Tabletop Exercises

Tabletop exercises help determine how your team will react to a potential cyber attack so you can evaluate the effectiveness of your planning. Accounting firms can identify flaws or gaps in their response and make adjustments to ensure top-notch preparedness. For instance, if your company experienced a ransomware attack, would your employees know what to do?  Testing out this scenario in a safe environment lets you know if your response plan for ransomware is effective and whether it can be improved using other alternatives. Tabletop exercises can also help you identify missing links in the chain of command – ensuring documentation of response plans and finding gaps in your recovery process. 

4. Have a Public Relations Plan in Place and Legal Counsel on Board Before an Incident Ever Occurs

An important component of cyber resilience entails having external experts and firms on board to support a decisive, effective response to any data breach. The post-breach environment is not the time to be searching for required expertise or negotiating contractual terms, so having a team of external pros on board can speed recovery and resumption of operations. This external expertise includes forensics, legal, communication and systems remediation, among others. Your approach to law enforcement (FBI and others) should also be considered in advance of an incident.

Cybersecurity cannot be guaranteed, but a timely and appropriate reaction can.
