Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


CHECKLIST: WHAT TO DO WHEN YOU'VE BEEN HACKED

Source: SearchSecurity.com

Posted on February 10, 2006

      You have just gotten the call from an associate at work that the network you're responsible for has been hacked. You're going to need to make some decisions very quickly as to what needs to be done. Individuals who haven't planned for such an event may actually be thinking, "Do I have a current copy of my resume?" There's no room here to feel that you're invincible against such an attack. Just last December, Guidance Software, Inc., a company that develops forensic and incident-response software, found this out the hard way when it was reported that a hack attack cost them 3,800 customer credit card numbers.

      Privacyrights.org listed eleven security breaches in just the month of December 2005. If you're faced with such a reality as these eleven companies were, hopefully you had the forethought to establish an incident response (IR) plan. It's really one of the most important steps, in that you are coming to the realization that an attack could happen to you -- and if it were to occur, the IR plan would detail how you would deal with it, what steps you would take, and who would respond.

      Such a plan would need to address the following questions:

1. What will be your initial response?

      You really have two options here: let the system continue to run, or pull the plug. Each needs to be considered. Leaving the system running may allow you to gather additional information about the attacker without him knowing his activities have been discovered. However, if real damage is occurring, you may have no choice but to pull the system offline to limit the effects.

2. Who committed this crime?

      When dealing with malicious activity, you are going to want to try to answer this question. Was it someone inside the organization or was it an outsider? Answering this question is critical, because if it is an insider, you'll want to find out who it is in order to act immediately. If the attacker is not an employee and is not within your legal jurisdiction, you'll face a host of other issues. Keep in mind that computer crime laws vary from country to country.

3. Will you attempt to prosecute the offender?

      You may think that this is an easy question to answer, but just look at the statistics. The 2005 CSI/FBI Computer Crime survey found that only 34% of respondents reported intrusions to law enforcement. This number remains low for a variety of reasons. High on the list is that many organizations don't want the negative publicity that comes with such a prosecution.

4. Are you required by law or mandate to report this breach of security?

      A host of industries are required to report security breaches, and laws such as HIPAA mandate it. States such as California have strict reporting laws and have decided that the consumer has a right to know.

5. How did this occur?

      This is something that you must know. Whether it was a weak password or a vulnerability in a piece of unpatched software, you will need to find out what went wrong. Was there a policy in place to prevent such an event that simply wasn't being followed, or was something simply overlooked?

6. What lessons are to be learned from this event?

      At this step, you are going to want to implement changes to keep the event from happening again. Training employees in the revised practices should be part of this activity.

      Now that you have a better idea of the activities that would take place if you were hacked, you may be motivated to get started in developing a good incident response policy and CERT.org is a good place to start. After all, a good defense requires planning and preparation. Being proactive may help you turn a potential disaster into a minor blip and serve to highlight your skills and value to the company.


E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.
