Stick The Landing: The 6 Steps For Boards Recovering From A Security Breach

Board meeting discussing cyber security

Why it isn’t the act of falling, but rather how your organisation picks itself back up, that really counts.

In this digital age, a cybersecurity breach is as inevitable as death or taxes.

Most board of directors will lament how crippling managing the latter can be, but when it comes to a security breach? The most pressing issues is one that most boards are largely unfamiliar with, having not yet felt the effects of Malware, Phishing Scams, or Zero-Day Exploits and the havoc they can wreak for weeks, months, if not years to come.

Despite this, many corporations consider themselves well prepared to deal with an attack. In a recent survey of New Zealand organisations, for example, some 74% claimed they were reasonably well-prepared for a security incident.

Preparedness for a cyber attack

This is a concerning figure, when you consider it was found that the average cyber incident response maturity of New Zealand organisations sits at just 1.7, sitting somewhere between Initial and Ad-Hoc on a 5 point scale.

Your board’s access to a wealth of highly sensitive, valuable information including client, vendor, and employee information as well as patents and intellectual property makes it a prime target. So while prevention is better than a cure, preparing for the inevitable should still sit atop your priority list.


Security Breaches Are A “When”, Not “If”

Let’s put the potential ramifications of these stats into context. According to an article published in the Cyber Security Review, “It has been estimated that half of the small businesses that suffer a cyberattack go out of business within six months as a result.

To maximise your board’s security, it’s increasingly clear that an effective risk management plan and complete data security strategy cannot be considered comprehensive if it doesn’t deal with the inevitability of a potential breach. As well as what happens in the hours, days, and weeks that follow.

A delayed response doesn’t just affect the recovery process, it also highlights that your board is ill prepared for a breach of this nature, which can further harm your reputation when the last thing you need is more bad news.

Some board members may be apprehensive, seeing this as an admission of failure. The reality is far different, in fact. Being ready to act minimises downtime, limits bad press, and highlights that you’re aware of the realities of doing business in an increasingly connected world where new threats are just around the corner.


6 Steps that will help your board recover from a cybersecurity breach, with class

Recovering from a cybersecurity breach

1. Identify the breach

Many of today’s leading hacks, attacks, and breaches rely on their ability to remain hidden, where they slowly syphon important data like board minutes, memos, meetings, or agendas, as well as intercept emails and other network communications.

Identifying these issues is a major hurdle in the road to recovery, but robust internal monitoring, tools, and systems should turn up any unusual traffic, unauthorised IP addresses, or mass login attempts, for example, ensuring they’re caught at the earliest possible time.

2. Set up virtual containment lines

Isolating the breach as well as any affected files or hardware minimises the damage and fast tracks recovery. Depending on the nature of the attack, this could include taking servers or systems offline, revoking access privileges, and updating credentials.

Limited oversight and control over who has access to what can make this task difficult, which is why it’s recommended that boards employ effective Board Management Software with a robust feature set. Stellar Library, for example, makes it easy to update or revoke access privileges for devices and data with the touch of a button.

3. Find the gap in the fence

Tasking relevant departments with identifying the weak links in the security fence is where real change is affected. The ultimate aim here is to leave your organisation in a stronger position that it started.

It isn’t uncommon to face internal pressure at this time to fast track the process, and return to business as usual at the earliest possible date. However, effective recovery can’t be rushed. Unless these flaws are addressed, your board is simply inviting repeat attacks, and soon.

Related Articles:

4. Survey the damage

Upon triaging these digital would, it’s time to take stock and ascertain the severity of the breach. Was customer or employee data accessed? Copied? Stolen? What about sensitive information, data, or intellectual property?

Looking at it from this point of view, you’ll be able to identify whether this was simply the work of ‘Hacktivist’ hobbyist groups, or a legitimate attempt to siphon valuable data from your business.

Internal departments should be able to quickly and easily audit all internal files, folders, and other data for suspicious activity. More importantly, any affected files can then be restored from cloud backups or replicas, as outlined in your disaster recovery plan.

5. Notify those affected

In the aftermath of many of the 21st century’s largest security breaches, the silence has been deafening. Many corporations embrace a softly softly approach, which sees them talking in circles and spinning PR until the truth inevitably surfaces. In this context, recovery becomes that much more difficult.

The truth of the matter is that yes, you’re likely to face bad press post-security breach. However the long-lasting impact of a lack of transparency with press, customers, or clients, can further place your name in poor standing.

As far as is reasonable according to internal policies or country-specific laws, honesty is always the best policy. Many countries actually enact harsh consequences for non-disclosure.

Under the General Data Protection Regulation (GDPR), for example, you are required to “…report certain types of personal data breach to the relevant supervisory authority. You must do this within 72 hours of becoming aware of the breach, where feasible.

An open, honest recovery is the only path to rebuilding trust in the court of public opinion. For most customers or clients, the next best thing to an organisation that’s free of issues is one that it aware of, and proactively working to solve, them when they arise.

6. Prepare for the next one

At the time it will be difficult for your board to see a data breach as anything other than a hassle, but it’s also a learning opportunity if approached in the right manner. Theoretical planning will only get you so far, but being able to work through – and recover from – a real worth security breach enables you to identify gaps in your board’s policies, procedures, and IT infrastructure.

More importantly, you can look back over how the breach was handled, how it was received, and further modify your response so that you can minimise downtime, close vulnerabilities, and keep clients better informed when – not if – there is a next time.


Secure your files with Stellar Library

Salvaging lost files, data, or sensitive information in the wake of a breach can be a headache, as can reviewing just who has access to what files, and where. Stellar Library’s board management software makes it simple, offering a secure cloud-based environment where files are kept behind digital lock-and-key by administrators who can alter permissions on the fly with the touch of a button.

Sticking the landing and saving face may be difficult, but it doesn’t have to be impossible. With Stellar Library helping you securely store, share, and send your files, you’ll be better situated to recover from a breach with your files, data, and reputation intact.

Previous Post
Old Dogs & New Tricks: 7 Tips for transitioning to Digital Distribution, today
Next Post
From The Top Down: 5 Ways Technology Can Improve Board Governance