October 29, 2013 10:41
If your organization uses cloud-based file sharing designed specifically for business use with strong safeguards (e.g. end-to-end encryption), you can skip this article. If your employees are using a consumer-focused file-sharing solution, the following four steps might be an interesting little wake-up call.
- Investigate, identify and fix: Murphy's law in security states that if it can be breached, it will be breached, and it will continue to be compromised until it is truly fixed. Worse yet, this process tends to uncover additional security gaps, which will require additional resources. During this step, someone will have to document the incident in great detail: who discovered the breach, when did it happen, how much data was compromised and what type of data was it? This will require several lengthy interviews and weeks of investigation. Got time for that?
- Inform internal authorities: Your organization will need to hold several meetings with the internal stakeholders directly affected by the breach. This includes accounting, HR, IT (i.e. you) and the entire upper management team - not a very valuable use of anyone's time.
- Inform the external authorities: When your data has been stolen or compromised, you will also need to alert various levels of law enforcement (FBI, Secret Service, etc.) as well as your legal counsel. If your organization has a PR/crisis management team, this is their time to shine.
- Inform the end users: Sorry, but if data was compromised, it is best that the employees hear it from their own organization first instead of reading about it on the Internet. Aside from the written communications, your helpdesk is going to be swamped with questions about the data breach so they need to ramp up for heavy traffic.
Depending on your industry, your data breach checklist (by the way, do you have one?) will vary in terms of exact tasks, but the following is pretty much universal: you have got to find it, you have got to fix it, and you have got to let a number of parties know all the messy details. I would recommend using an external incident response company that knows what it is doing. The rules of evidence in cybercrime forensics are easy to break, and that gets you further in the soup.
The real point here is that data breaches redirect valuable resources away from production time and easily cost hundreds of thousands of dollars. So if you've tried everything and still can't convince upper management to block all consumer file sharing sites in your firewall rules, maybe this short checklist will do the trick.
With grateful acknowledgement to, and adapted from:
Note: links to third-party web sites are provided for your convenience only. Bank of Ann Arbor does not control those sites or their content.