If you suspect you've been breached get law enforcement involved right away. Do not turn off any suspect system(s) or attempt to initiate your own investigation (unless you happen to be a certified digital forensic investigator) or make any changes to the suspect system(s) whatsoever. Start with your local PD, they will escalate as needed. After that start the customer notification process. Study after study has shown that companies that get ahead of a breach fare much better than those that don't.
From Data Breach Today:
U.S. Attorney: Managing Fraud Investigations
Knowing exactly when to share information with law enforcement in the wake of a breach is challenging, says Assistant U.S. Attorney William Ridgway, a featured speaker at Information Security Media Group's Fraud Summit Chicago on May 19.
No comments:
Post a Comment