When considering what your next steps should be after realizing you may have had a breach, you may be overwhelmed with your responsibilities. A breach of your secure information puts at risk not only your company’s security but also that of your clients and your employees – and the fallout from the average data breach can easily reach millions of dollars for an organization. From municipalities to Fortune 500 companies, we’ve all seen that data breaches can happen to any company, at any time. While having the correct security measures and backup storage is essential, what does it look like if you still have a breach in your protocols?
DSA Technologies, a recent acquisition of Executech, has helped many organizations come back from a breach and ensure the business continues operating as effectively as possible. We’ve seen a multitude of scenarios, from hacking to ransomware to security oversight. The one we see all too often is a security risk from internal personnel that should have been avoided. Below is an account of what it could look like if an organization’s security measures fail and an internal breach reaches catastrophic levels.
The Nightmare Scenario – An Internal Data Breach
Personnel changes are part and parcel of the business world. They happen daily, and in many departments. When one happens in the IT department, specific measures should be taken to ensure security is kept top of mind. In our scenario, an IT Manager was instructed to disable Domain Administrator privileges in preparation for a layoff of an IT professional who had worked for a corporation for a few years. This IT professional had all the “Keys to the Kingdom” as a Domain Administrator, which meant this individual had access to all of the corporate data and resources.
The IT Manager mistakenly failed to disable a third-party remote management tool, along with permissions to a storage device. The IT Manager powered down the IT professional’s workstation, believing the necessary steps were completed.
The next morning, the email accounts of the corporation’s clients were unable to send and receive, and complaints were flooding the corporation’s Help Desk. Within the next couple of hours, it was determined that hundreds of email accounts had been deleted and all auto-renewals on accounts had been shut off. Help Desk escalated these complaints to the IT Manager and other management personnel.
The IT Manager now noticed that the workstation that had been powered down previously had mysteriously been turned back on and was active. Surprised, the IT Manager powered down the workstation a second time. Of note, another professional noticed the mouse on their computer was moving as if it was being remotely managed. In addition, they noticed the login account name appeared to be different from what they were used to. In turn, they notified the Help Desk of this strange behavior.
In the meantime, the IT Manager shut down all external access to remote offices and contacted third-party domain administrators to research further why email accounts had been deleted. It was determined that the data storage array had also been deleted during this breach. Since no data was accessible, all employees were directed to shut down their computers and were dismissed for the remainder of the day.
The corporation had not set up escalated-privilege user accounts, which would have allowed only select individuals to have permissions to such administration tools. The laid-off professional was able to access the corporation’s internal resources through a remote management tool, which was set up for individual users, by using his personal credentials, and ultimately sabotaged the corporation.
The summation of time, data, and resources lost to the company for one misstep of the IT Manager could be catastrophic for the business. With an outside security firm, each step of security protocols like personnel changes would have been documented, QA’d and confirmed before initiation.
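The documented, QA'd and confirmed personnel-change step described above can be expressed as a check that every login belonging to the departing person is disabled and has been re-checked by a second person. This is an added example, not part of the original article or DSA Technologies' tooling; the system names, logins, `Grant`, `Step` and `offboarding_gaps` are hypothetical and the inventory is constructed to mirror the scenario.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Grant:
    system: str      # where the access lives
    principal: str   # login name on that system
    owner: str       # person the login belongs to
    enabled: bool    # current state as read back from the system

@dataclass(frozen=True)
class Step:
    system: str
    principal: str
    done_by: str
    verified_by: Optional[str]  # second person who re-checked the result

# Constructed inventory mirroring the scenario: domain admin rights were
# removed, the remote management login and storage permissions were not.
INVENTORY = [
    Grant("active-directory", "jdoe-da", "jdoe", enabled=False),
    Grant("remote-mgmt-tool", "jdoe.personal", "jdoe", enabled=True),
    Grant("storage-array", "jdoe", "jdoe", enabled=True),
    Grant("active-directory", "asmith-da", "asmith", enabled=True),
]
CHECKLIST = [Step("active-directory", "jdoe-da", "it-manager", None)]

def offboarding_gaps(owner, inventory, checklist):
    """Return (system, principal, reason) for every grant of `owner` that
    is not provably revoked: still enabled, undocumented, or unverified."""
    steps = {(s.system, s.principal): s for s in checklist}
    gaps = []
    for g in inventory:
        if g.owner != owner:
            continue
        step = steps.get((g.system, g.principal))
        if g.enabled:
            reason = "still enabled" if step else "still enabled, not on checklist"
        elif step is None:
            reason = "disabled but undocumented"
        elif step.verified_by in (None, step.done_by):
            reason = "no independent verification"
        else:
            continue  # disabled, documented, and confirmed by a second person
        gaps.append((g.system, g.principal, reason))
    return gaps

if __name__ == "__main__":
    for gap in offboarding_gaps("jdoe", INVENTORY, CHECKLIST):
        print(*gap, sep=" | ")
```

An empty result is the condition for signing off the personnel change; in the constructed data, the two logins outside the directory are exactly the ones the checklist never covered.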
While this scenario is unsettling, it’s not the only one that can lead to a data breach for an organization. Each action your business takes daily could have lasting repercussions for the security of your company.
With our expertise in security and data recovery, DSA Technologies is capable of assisting an organization after the realization of a data breach, as well as mapping out actionable steps to avoid devastating breaches like this.
What Do Security Experts At DSA Technologies Do After You Connect With Our Team?
- Contact Management to discuss and collect information and to confirm an actual breach, its type, its time frame and the individuals involved
- Conduct a thorough investigation by interviewing individuals involved to collect knowledge and/or factual data
- Isolate the affected systems and eliminate the cause of the breach
- Immediately change all passwords throughout the organization
- Determine if any Personally Identifiable Information (PII), Health Insurance Portability and Accountability Act (HIPAA), and/or Personal Credit Information (PCI) had been exposed, and take the necessary steps to protect the sensitive information
- Conduct a Network and Security Assessment/Audit
- Make forensic copies of Hard Drives of all compromised computer systems affected in the breach
- Review the forensic Hard Drive copies to determine if additional information can be obtained
- Review all logged data (Firewall, Routers, Switches, Storage Devices, etc.)
- Contact local and federal law enforcement agencies, if necessary
- Provide recommendations for future company security
- Implement policy and procedures to prevent a recurrence
- Offer Penetration Testing (PEN testing) to identify network weaknesses
- Offer to hold classes to educate end users on how to avoid data breaches and phishing attempts
These are just a few of the steps we take when faced with a data breach. Looking for your next steps? Contact our team before more time is lost.
Or, hopefully, looking to avoid a breach in the first place? Start with a security assessment. Download the Ebook highlighting our security services now.