330 W. Broadway, Suite 750, San Diego, CA 92101, US

(619) 531-3150

CATCH

PREPARE AND PREVENT

  

Businesses should have plans for operations, security strategy, computer security incident response, continuity, and disaster recovery. In addition, maintain onsite and offsite backups of system configurations and data, emergency power, and automated fail-over systems:


  • Perform regular backups daily and full backups weekly. 


  • Duplicate weekly backups, having one onsite and another offsite. 


  • Backups should be tested regularly to ensure they can be restored without errors or data corruption.


IT staff should enable computer and network audit logging. If unusual activity is found, have someone research it and take the necessary steps to prevent malicious activity. Implement business procedures that keep client/customer data separate from other business records and from your website server. Limit access to client/customer personal data to those who need it.


SECURITY GUIDELINES

  • Keep your servers and computers up to date by updating security software and operating systems.


  • Secure all wireless networks; enable WPA-2/AES encryption for mobile user accounts. 


  • Train users in proper use of systems, including cybersecurity awareness and potential cyber threats from the Internet and e-mail. 


  • Implement and monitor Internet filtering to block access to websites that could potentially be the source of malware.


Follow and implement the regulations, standards, and procedures from recognized national and international institutions such as:


  • Information Technology Infrastructure (ITIL). 


  • The International Standards Organization (ISO). 


  • National Institute of Standards and Technology (NIST).


RESPONSE


  • Record the date and time when the breach was discovered, as well as when response efforts began.


  • Alert everyone on the response team, including external resources, to begin executing the response plan.


  • Secure the premises around where the data breach occurred to help preserve evidence.


  • To stop additional data loss, take affected machines offline, but don't power them down or turn them off.


  • Document everything known about the breach: who discovered it, who reported it, to whom it was reported, who else knows about it, what type of breach occurred, what was stolen, how it was stolen, what systems are affected, what devices are missing, etc.


  • Conduct interviews with those involved in discovering the breach and anyone else who may know about it. 


  • Review protocols regarding disseminating information about the breach for everyone involved in the early stage.


  • Assess the priorities and risks based on what you know about the breach. 


  • Bring in the forensics team to begin an in-depth investigation. 


  • Notify law enforcement, if needed, after consulting with legal counsel and upper management.