How to Manage a Data Breach

Mon 24th Jul 2017

When it comes to PCI compliance, in the event of a breach it's mandatory to contact the relevant authorities.

1) Start your incident response plan
An incident response plan can minimise the impact of a breach, reduce the fines you would incur, decrease negative publicity and help you get back to running your business more quickly.
A business can find out that it has been breached in four different ways:
• The breach is discovered by someone within the business, using intrusion detection systems, event logs, alerting systems, system anomalies or anti-virus.
• Your bank gets in touch with you, advising that you have been breached as a result of customer reports of credit card fraud on their accounts.
• Law enforcement officials who have been investigating the sale of stolen cards contact you.
• A customer contacts you advising that fraudulent charges have been occurring on their account after they used their card buying from you.

2) Preserve Evidence
If you don't follow the correct procedures and involve the right authorities, you could lose valuable forensic data that investigators could use to discover how and when the breach occurred and to avoid attacks in the future.

Don’t make hasty decisions and don’t erase and re-install systems; follow the incident response plan.

3) Contain the breach
• Disconnect from the internet by unplugging the network cable from your firewall/router.
• Document how you noticed the breach, the date and time, how you were notified, all actions you have taken from the beginning to the end, and if and when you disabled remote access and passwords.
• Disable, but don’t delete, all remote access and passwords to any wireless payment devices, making a record of old passwords for investigation later.
• Update usernames and passwords and make sure passwords contain more than 7 characters with upper and lowercase letters, numbers and special characters.
• Isolate all hardware devices that process payments from other devices in the business, place them on their own network and keep them switched on.
• Keep malware that your anti-virus has found isolated for investigation later.
• Keep your firewall settings, firewall logs, system logs and security logs and take screenshots.
• Restrict access to servers and ports that aren’t used for processing payments, or remove the card payment facility from any devices that need internet and process using stand-alone terminals.
• Contact your merchant bank and let them know about the situation.
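
One way to carry out the steps above on keeping logs and documenting actions, as an added example that is not part of the original article: copy each log into an evidence folder, record its SHA-256 hash with a UTC timestamp and a note of the action taken, and later check that no copy has changed. The function names, the manifest file name and the sample log line are assumptions made for illustration.

```python
import hashlib, json, shutil, tempfile
from datetime import datetime, timezone
from pathlib import Path

MANIFEST = "manifest.jsonl"  # assumed name for the evidence record

def sha256_of(path):
    """Hash a file in chunks so large logs need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def preserve(sources, evidence_dir, action):
    """Copy each file into evidence_dir and append one manifest line per copy."""
    evidence_dir = Path(evidence_dir)
    evidence_dir.mkdir(parents=True, exist_ok=True)
    entries = []
    with open(evidence_dir / MANIFEST, "a", encoding="utf-8") as manifest:
        for src in map(Path, sources):
            tmp = evidence_dir / f".incoming_{src.name}"
            shutil.copy2(src, tmp)        # copy2 keeps the file's timestamps
            digest = sha256_of(tmp)       # hash the copy, since live logs keep growing
            dest = evidence_dir / f"{digest[:16]}_{src.name}"
            tmp.replace(dest)             # hash-prefixed name: later snapshots never overwrite
            entry = {"recorded_utc": datetime.now(timezone.utc).isoformat(),
                     "action": action, "source": str(src),
                     "copy": dest.name, "sha256": digest}
            manifest.write(json.dumps(entry) + "\n")
            entries.append(entry)
    return entries

def verify(evidence_dir):
    """Return names of copies that are missing or no longer match their hash."""
    evidence_dir = Path(evidence_dir)
    changed = []
    for line in (evidence_dir / MANIFEST).read_text(encoding="utf-8").splitlines():
        entry = json.loads(line)
        copy = evidence_dir / entry["copy"]
        if not copy.exists() or sha256_of(copy) != entry["sha256"]:
            changed.append(entry["copy"])
    return changed

if __name__ == "__main__":
    work = Path(tempfile.mkdtemp())
    log = work / "firewall.log"  # constructed sample line, not real data
    log.write_text("2017-07-24T09:14:02Z DENY tcp 198.51.100.7:4431 -> 10.0.0.5:3389\n")
    preserve([log], work / "evidence", "Copied firewall log before isolating payment devices")
    print("altered or missing copies:", verify(work / "evidence"))
```

Keep the evidence folder on separate media from the affected systems, and hand the manifest to investigators along with the copies.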