PREPARE AND PREVENT

Businesses should have plans for business operations, security strategy, computer security incident response, business continuity, and disaster recovery.


Have onsite and offsite backups of system configurations and data, emergency power, and automated fail-over systems:


  • Perform regular backups daily and full backups weekly

  • Duplicate weekly backups, having one onsite and another offsite

  • Backups should be tested regularly to ensure they can be restored without errors or data corruption

IT staff should enable computer and network audit logging.

If unusual activity is found, have someone research it and take necessary steps to prevent malicious activity.

Implement business procedures that keep client/customer data separate from other business records and from your website server.

Limit access to client/customer personal data to those who need it to conduct the business.


SECURITY GUIDELINES


  • Keep your servers and computers up-to-date by updating security software and operating systems.

  • Secure all wireless networks; enable WPA2/AES encryption for mobile user accounts.

  • Train users in proper use of systems, including cybersecurity awareness and potential cyber threats from the Internet and e-mail.

  • Implement and monitor Internet filtering to block access to websites that could potentially be the source of malware.

  • Follow and implement the regulations, standards, and procedures from recognized national and international institutions such as:

    • Information Technology Infrastructure (ITIL)
    • The International Standards Organization (ISO)
    • National Institute of Standards and Technology (NIST)

RESPONSE

  • Record the date and time when the breach was discovered as well as when response efforts began.
  • Alert everyone on the response team, including external resources, to begin executing the response plan.

  • Secure the premises around where the data breach occurred to help preserve evidence.

  • To stop additional data loss, take affected machines offline, but don't power them down or turn them off.

  • Document everything known about the breach: who discovered it, who reported it, to whom it was reported, who else knows about it, what type of breach occurred, what was stolen, how it was stolen, what systems are affected, what devices are missing, etc.

  • Conduct interviews with those involved in discovering the breach and anyone else who may know about it.

  • Review protocols regarding disseminating information about the breach for everyone involved in the early stage.

  • Assess the priorities and risks based on what you know about the breach.

  • Bring in the forensics team to begin an in-depth investigation.

  • Notify law enforcement, if needed, after consulting with legal counsel and upper management.

CATCH

Computer and Technology Crime High-Tech Response Team