4 Tips for Companies During a Data Breach
Website of UK telecommunications company TalkTalk was hacked by cyber criminals and data of over 4 million customers were compromised. Names, email addresses, phone numbers, addresses, and credit card details may have been accessed by this security breach.
The cause of the hack has not yet been disclosed as it is still under investigation. But tips for consumers who are affected would be to:
- Check your account regularly for any suspicious activity and report it to the company if found.
- Check your credit report.
- Never provide your bank details over the phone. Same goes with passwords or pin number
Yet again, this is another hack involving data of millions of customers. Add this to a long list of businesses who have already been victims to security breaches in the past.
How Companies Should React During a Data Breach
Given that this is already a growing concern, how should companies react when they fall victims to cyber attacks? IT security researcher, Andrea Tarquini, shares tips:
- Isolate and Resolve the Issue – Make sure that the breach does not branch out into other areas in the network. Depending on the location of the data breach, isolate the network and resolve the hack.
- Improve IT Security Policies – If the breach is caused by a vulnerability in the IT System (usually involving the Database or the access control system), you should test the IT Security Infrastructure and create or implement better IT Security Policies.
- Improve Data and Security Policies – In some other cases the breach may be caused intentionally or unintentionally by employees. It is absolutely recommended to create or improve ineffective company Data and Security Policies. Train employees about basic security concepts is the first step to avoid this kind of breach because a hacker always tries to “exploit” the weakest link.
- Be Transparent – If there’s a data breach, you should reach out to your customers and communicate the situation to them. Provide tips how they can protect their accounts. It should be placed directly in a company verified resource (like a website, or support/user area). This shows that the company knows the problem, is working on it and is finding a solution to avoid other hacks.
Learn to test web applications
Know how to perform a penetration test on web applications. Get started for FREE with a demo of our Web Application Penetration Testing course and understand the techniques in web app pentesting. Start here.
Andrea Tarquini is an IT Security researcher and software analyst/developer at eLearnSecurity. He is the main developer of JustCryptIt and IzzieCloud. He is also the author of ‘Ruby for Penetration testing and Metasploit’ section of Penetration Testing Course Professional.