Category Archives: risk management

Crisis Management Tips After a Network or Computer Hack

Editor’s Note: The following guest article by John Dayton explains in detail how to protect your business from the very real dangers of the Internet. The events of the past several years have left no doubt as to the necessity of having a clean and secure network. If you’ve got doubts, talk to someone at Sony, Chase, Lockheed, or one of the many other victims of hack attacks.

Protect your business from online threats

Nobody is immune to network attacks and hacks. Hackers and data thieves will go after both multinational corporations and small to medium-sized businesses with equal gusto. A well-secured network costs a certain amount of effort and money to put together, but it can save your business thousands or even millions of dollars down the road in avoided data theft, lawsuits and massive interference with business systems.

To avoid being an easy victim, follow these tips to harden your systems and make an attacker move on to easier prey. If you’ve already been a victim of an attack, let’s also examine some damage control procedures you can take to minimize your losses.

Preventing Hack Attacks and Securing Your Network

Physical Security

The first line of defense your computers and network have against attackers is their physical security. If your machines and any sensitive documentation are easy to physically access, you’ll have a very easy and dangerous source of possible breaches. Keep all your doors and windows locked when no one is at the office, buy a quality alarm system and make sure it’s activated nightly with an access code that only your most trusted employees have. Don’t leave computers with sensitive information unsupervised or in the hands of employees you can’t fully trust, and if you print out any important information (particularly confidential client data), either guard it in a secure place or thoroughly destroy it as soon as you’re done using it.

Another useful tip for the particularly cautious, which could also be classified as physical security, is to separate your computers into red and green categories. This is a step certain government security agencies apply to their systems. Green computers have no access to a network and serve as data storage points for very sensitive information; red computers are connected to a network, a cloud system or the external web and are used for day-to-day activities, not for storage of sensitive data.

Data Backup Strategy

Every company is inevitably going to build up many gigabytes or even terabytes of extremely important data that needs to be kept for reference or work purposes. The loss of all this information can be a complete catastrophe for some companies, so it absolutely needs to be protected by a backup strategy. Instead of simply storing everything on your office and network computers, consider backing your data up to a second set of servers that you own at a different location or (even better and more convenient) to a trusted and highly secured cloud storage service that offers multi-terabyte data space. Train your employees to regularly back up all information and anything they create to the cloud. This will save you from losing everything if your office burns to the ground or is the victim of computer theft.

Antivirus and Network Intrusion Systems

Protect your network with a robust antivirus implementation that covers every computer, all of its online activity and exchanges between machines in the network. You should go for a strong, commercial system such as those offered by companies like Kaspersky Labs, AVG and Bitdefender. Furthermore, ensure that you stay on top of regular security updates from your antivirus software provider.

As an additional step, you should strongly consider hiring an IT security person for full-time network administration. Have them install and regularly monitor a network intrusion detection system that watches over your entire network. Such systems are complex and require full-time dedication, but they cover security aspects like bandwidth and activity supervision, virus checks, changes in file settings and permissions, packet sniffing and regular checks of every single network PC for unusual activity or contamination. Have your network intrusion system coupled with your antivirus protection in order to simplify security.

Firewall Protection

A powerful firewall around the machines on your network will dramatically reduce the likelihood of attacks, especially if it’s coupled with the above-mentioned antivirus and network intrusion systems to create a certain degree of security redundancy. A quality firewall will prevent unauthorized access to your computers from external sources, protect your computers by preventing employees inside the network from accessing external sites that could be harmful, and prevent unsolicited applications from making changes inside your computers or the network. Network intrusion protection systems usually include firewall protection as an existing measure.

Software Patching

Ensure that all your software is up to date and secure. Set all of your computer software systems to automatically update themselves whenever new patches are released and instruct your employees not to interfere with this process. The constant software updates that most systems go through aren’t there just to annoy users; they’re designed to cover constantly emerging Internet threats.

Passwords, Removable Devices and Encryption

Create a password policy for all your machines that requires each of them to be secured by long passkeys that mix multiple different kinds of characters. These are much harder to crack with password-cracking software and can save you from some very heavy intrusions. Ensure that your employees memorize these passwords and don’t simply write them down somewhere where anyone could end up running across them. Also, make sure that any removable or portable devices like USB drives, laptops and tablets that employees take home or on business trips are protected by password-activated encryption and contain only the essential data for a given workload. This should particularly apply to overseas business trips.

Ensuring Client Confidence

If your company has implemented all of the above network and computer security steps, it can already be quite confident that it is much less likely to be attacked by hackers and data thieves. Furthermore, your company should advertise an overview of how it manages security in order to make clients feel secure in entrusting their business, money and confidential data to your systems. However, advertising your security should not involve giving too many details away, since knowing that a company is secure but not knowing just how extensive the security is can also work as an attack deterrent; maintain a certain degree of confidentiality.

In the event of security attacks, quickly establish a timeline that defines where and when the attacks occurred in order to better track the intrusion’s progress and what may have been infected or breached. This will let you know how client information might have been affected.

Managing Security Breaches

There are numerous types of hacker attacks which can occur against a network, but to keep things simple, the main types are structured external attacks (attacks of a planned nature, usually conducted by criminals), unstructured external attacks (conducted by thrill-seeking hackers) and internal threats.

Finding out which type of attack is going on is usually a question of detailed traffic and program routine analysis, and of finding out where the attack originated by tracing its movement. In many cases, if an in-progress intrusion is detected, the best practice is to observe it at first and in doing so trace its source in order to allow a better response. Once the hackers’ activities have been traced, the next step should be to immediately cut off the access route they used and keep an eye on possible alternatives they could try later, while at the same time removing any malware the hacker has installed and repairing any damage done.

Beyond measures like this, other important methods of dealing with security breaches include applying access control lists on firewalls, routers and network intrusion systems; disconnecting the host that’s being attacked from the rest of the network; disconnecting the whole network from external contact; or disconnecting a certain company website from the Internet.

Once the attack has been stopped, the process of repair and re-securing should begin, with all the proper changes done to make sure the hackers can’t access you by the same or related means again.

Another important part of dealing with active security breaches is to document and record everything that was observed, all systems that were affected and how, and how the threat was dealt with. Any infected data or systems should be reviewed thoroughly and system logs checked for more evidence.

About the author: When John Dayton isn’t offering the best in technological advice, he is busy covering the best that forensic engineering has to offer.

The Crisis Show

Talk crisis management with the pros

Tonight marks the first episode of The Crisis Show, a broadcast featuring the talents of Bernstein Crisis Management president Jonathan Bernstein, crisis/litigation expert Rich Klein and social media pro Melissa Agnes. Together, they will provide crisis management analysis for high profile and currently breaking crises around the world, as well as addressing user-submitted questions.

We’ll be streaming The Crisis Show via Google Hangouts to our YouTube channel every Wednesday at 7 p.m. EST (4 PST) starting today, June 13, so join in! If you can’t make it live, all past episodes will be archived right on YouTube for your convenience.

The BCM Blogging Team
http://www.bernsteincrisismanagement.com/

Forward Thinking Means Better Crisis Management

Plan ahead to protect yourself

When we sit down to discuss crisis management with clients, one of the first steps we take is to have them list what they see as their vulnerabilities. From internal problems like disgruntled employees and mechanical breakdowns, to external issues like supply line disruptions or lost shipments, the list of potential crises is significantly longer than most expect. Not only that, but it’s also constantly shifting as your company changes and grows. How, then, do you stay prepared to battle these crises?

The following quote, from an OpenView Labs blog post by David Calusidan, is an excellent piece of advice:

Constantly assess your primary risks

Forward-thinking companies take a strategic approach to crisis communications by continuously assessing the risks associated with their businesses.  The key to this effort is to establish a risk-aware culture and a process whereby employees can funnel their ideas about potential risks through management to an appointed member of the crisis communications team. For each risk, the team should assign responsibility for continuous monitoring and assessment, taking actions to mitigate risk when possible.

Simply put, and extremely effective. By planning (and preparing) for risks before they become reality, removing the old school block in communication between average employee and executive suite to facilitate crisis spotting, and creating clear-cut roles and responsibilities within the crisis team, you create a well-oiled crisis management machine.

The BCM Blogging Team
http://www.bernsteincrisismanagement.com/

Preparedness

Preparedness LLC is a client-focused risk consulting company with a long track record of assisting its clients in safeguarding people, protecting property and minimizing business interruption. Its eNewsletter frequently covers topics of importance to anyone in the business or crisis management fields, from advice on readying your home and office for major storms to preparing emergency management and business continuity plans and implementing National Preparedness Standards.

A crisis response plan will not save your business when it is struck by disaster. You must actively prepare for and prevent as many possible incidents as you can to truly minimize risk.

JB

Jonathan Bernstein
www.bernsteincrisismanagement.com
