A data breach can have massive impact on organisations including financial and reputational loss and legal penalties. To lower the impact of the damage, it is essential to have some sort of incident response plans and disaster recovery plan. Here are some key steps that can be taken after a data breach:
- Isolating the affected systems: Disconnecting the affected and compromised systems is crucial as otherwise it can lead further data loss.
- Patching vulnerabilities: Applying security patches to trace the vulnerability that caused the breach.
- Monitoring : It helps security team to prevent further attack which possible for remaining system and network .
- Collecting evidences: This is another essential key step that must be taken because collecting evidence can help organisation implementing a better security posture for future.
- Complying with data protection laws: It is mandated by GDPR to notify the affected individuals and advise them about how to keep their data safe.
- Collaborating: Digital world is expanding and we are all connected to each other and collaborating plays a crucial role in this kind of situations. Organisation must report the breach to law enforcement if necessary.
WHITE LISTS AND BLACKLISTS
- Whitelist is a list of IP addresses, domains, or other services that are trusted and allowed to access to systems or networks. Whitelists are used to prevent unwanted and unauthorised access to sensitive assets such as server or domains.
- Blacklists are literally opposite of whitelists. They are used to block known malicious sources like spam or hacking attempts from known sources.
- It is essential that organisation have corporate firewall that can employ these lists to have a solid and secure posture.