Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

I’ve been hacked  the essential steps to take next

222 views

Published on

It happens. A place you shop at frequently gets its data stolen. Someone was able to get access to one of your accounts. Or a system you manage gets compromised. No matter how the data breach happened, it is important be prepared ahead of time before the worst happens. Join Brian Pichman as he helps you put a proactive plan in place and what to do after you or your organization has been hacked. Attendees will walk away from this webinar with a toolbox for their library and to use to educate their users.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

I’ve been hacked  the essential steps to take next

  1. 1. I’ve Been Hacked The Essential Steps to Take Next BRIAN PICHMAN | EVOLVE PROJECT
  2. 2.  It happens. A place you shop at frequently gets its data stolen. Someone was able to get access to one of your accounts. Or a system you manage gets compromised. No matter how the data breach happened, it is important be prepared ahead of time before the worst happens. Join Brian Pichman as he helps you put a proactive plan in place and what to do after you or your organization has been hacked. Attendees will walk away from this webinar with a toolbox for their library and to use to educate their users.
  3. 3. Myths  I’m not worth being attacked.  Hackers won’t guess my password.  I have anti-virus software.  I’ll know if I been compromised.
  4. 4. Understanding Breaches and Hacks  A hack involves a person or group to gain authorized access to a protected computer or network  A breach typically indicates a release of confidential data (including those done by accident)  Both of these require different responses if breaches/hacks occur.
  5. 5. Examples of Hacks/Breaches  An employee/family member allows a hacker to access their machine through:  Email Attachments  Social Engineering  Walking away from their computer unattended  An employee/family member sends information to someone thinking they are someone else  “Hi, I’m the CFO assistant, he needs me to collect all the W2s”  Or more intrusive –  There is an attack on a database or server that then allowed a hacker in (SQL Injection)  There is a brute force attack or someone guessed the password on a key admin account, on servers/networks, etc.
  6. 6. The Costs Of Breaches  This year’s study found the average consolidated total cost of a data breach grew from $3.8 million to $4 million. The study also reports that the average cost incurred for each lost or stolen record containing sensitive and confidential information increased from $154 to $158 [IBM 2016 http://www-03.ibm.com/security/data-breach/]  Data Breached Companies Experience…  People loose faith in your brand  Loss in patrons  Financial Costs  Government Requirements, Penalties, Fees, etc.  Sending of Notifications  Payment of Identity Protection or repercussions. https://betanews.com/2016/02/10/the-economic-cost-of-being-hacked/
  7. 7. Agenda  What you (as a library) should do if you’re hacked or compromised*  What you (as a person) should do if you’re hacked or compromised.  Protecting yourself from future attacks *Always seek legal advice before moving forward on any action – from how you communicate to what parties you involve during a breach.
  8. 8. You as a Library - Obligations  You are obligated to protect the data and privacy of:  Employees  Patrons  Business Partners/Vendors/Etc.  Sometimes, we forget we house a lotof personal and identifying information about our employees and patrons.  Employees Social/Payroll/HR  Patron Records/Accounts/Catalog History(?)  What employees/patrons are accessing on the web  A sniffing tool, key logger, or fake DNS redirects can monitor not only the sites people are accessing but what they use for their username / password
  9. 9. Steps – Communication and Speed!  Communicate  People will ask “How long did you know XYZ happened” before communicating to them an attack occurred.  If you discover a breach, hack, or any other compromise that may have the impact of data being stolen or viewed, you MUST communicate quickly and effectively.  While every scenario is different and has different factors – groups that move faster with the information they know (as soon as they know it) they are generally better off long term (ie don’t’ wait months as you “investigate” the issue. Give people time to protect themselves)  Don’t over communicate and have one spokesperson  Be clear and concise. Too many details can be harmful.
  10. 10. Other Points on Communication  Once you know a breach has occurred, by law you are required to inform customers if their data has been compromised.  Some states have deadlines of when the announcement has to be made  Every impacted person must be told that a data breach has occurred, when it occurred, and what kind of information was compromised.  Answer: what are you doing to provide a remedy and should they do  (next slide)
  11. 11. what are you doing to provide a remedy and should they do You as the Library  Build a website with information about the breach  Offer a Toll Free number people to call in for questions  If the possibility of social information provide contact information for Equifax, Experian and Transunion, and the quick links for fraud protection. Them as Impacted Parties  Fraud Protection (if necessary)  Request them to change their passwords if their password was compromised  Highlight if they use this password on OTHER sites to change those passwords too
  12. 12. Step 2 - Investigate  You will most likely need to hire an outside cyber security firm – they have the tools and resources to track what might have been stolen and who stole it.  Solve which computers and accounts were compromised, which data was accessed (viewed) or stolen (copied) and whether any other parties – such as clients, customers, business partners, users, employees. Was the stolen data encrypted or unencrypted?  Also involve folks from the people you pay for services (depending on where the breach occurred) such as ISPs, Web Hosting Providers, Security Software, Firewall Vendors, etc.  Contact your local, county or state police computer crimes unit and the FBI, which can do forensic analyses and provide valuable guidance
  13. 13. Step 3 – More Communication and Follow Up  If you notify more than 500 impacted people from a breach, many states will also require you to file a notice with your state attorney general’s office.  HIPPA, FERPA, CIPA, and all those other scary acronyms have requirements and regulations – make sure none of those rules are violated.
  14. 14. Step 4 Solve It  Through the investigation and hiring of consultants and engagement of local/state/federal groups – find out what happened and how to prevent it from happening again  Removing infected computers or servers (if it was from a virus/malware)  Consider reformatting hacked computers and restoring data with clean backups or replacements  Removing access from the outside world to your network (or specific applications)  If the breach occurred because of non patch system or software – patch it, then put a policy in place to check patches.  If the breach was done through a stolen or weak passwords, secure those accounts and set new, complex passwords that will be hard to crack.  Communicate the resolution and promise to the users impacted
  15. 15. Repercussions  Depending on the severity of the hack and type of hack you may:  Need to pay a fine/penalty from a governing body if it was because of lack of security or no reasonable efforts to defend users data  Pay for identity protection for those impacted users (usually at least a year)  Pay a settlement
  16. 16. Moving Forward / Preventon  Make sure your security defenses are running properly and that data is being backed up securely.  You should run activity logs and tracking on all network devices and public facing servers. These logs should be checked and monitored for unwanted access or sudden activity.  Follow up with vendors to see what they are doing to protect your/their data – and share with customers best practices for their own security (like strong passwords).  Create a disaster recovery plan and train employees so everyone can respond quickly and calmly if they know of an attack or see something that could be indicative of being attacked.
  17. 17. cyber-insurance  Policies can be purchased from most major insurance carriers for between $5,000 and $10,000 per $1 million in protection.  Policies will generally cover:  Legal Fees  Forensic Fees  Costs for providing customer credit monitoring for those impacted  Any court costs related to civil litigation and class actions.  Some policies include access to portals/support so if and when an attack occurs, you can get guidance and support on what to do.
  18. 18. Training for Staff  Not installing software on the machine  You could put secure rules in place to prevent installations  Not opening attachments or clicking on links from senders you don’t recognize.  Teach staff that IT support will only email communications in a specific template from a specific address. Any other emailing claiming to be “IT” isn’t them.  Have staff either take an assessment after training and/or sign a document agreeing to practice best practices for security.  Checking Non-Work Related Functions (like emails) – caution users from accessing personal email or personal information while at work – as the IT team will not be monitoring that email for malicious messages.
  19. 19. You – As A Person (If Infected Machine)  If you think you infected your machine (through an email, virus, etc)  Disconnect it from the internet.  Immediately shut down the computer  If you notice an odd message take a photo first so an IT person (or you) could do more research  You can remove your drive from your computer and using another computer (that’s not network connected) run scans on the drive.  Depending on the severity – you may need to wipe your computer.  If this is a work computer – always inform IT Security or IT. They rather have a false alarm than an actual issue leak to the entire organization.
  20. 20. If Your Email Got HiJacked  If its your personal email  Send an email to all your contacts letting them know (if a fake message was sent out) that it wasn’t you who sent the message and to delete it.  Change your email password.  Google will tell you what sites you have connected your Google Account too:  https://myaccount.google.com/intro/secureaccount  If it’s your work email  Inform IT / Security – and ask them the best course of action.
  21. 21. You Heard Of A Breach  Change Your Passwords!!  And I’m hoping you don’t use the same password for all your accounts  Do some investigatory work of your own  Do you use this username on other systems?  Check to see if other sites you use have you logging in when you haven’t  Many websites allow you to get an audit of when and where you’ve logged in. Contact those sites support pages for details.
  22. 22. Tips N Tricks
  23. 23. Your Library  Administrative Accounts are easy to figure out if they are something like “administrator” ”root” or “power users”. At the same time, no employee should have their account as a full admin.  Instead, give them their own username for admin access (like brian.admin)  Change the default “login” pages for sites to something that’s not www.mysitename.com/login. Bots look for this and attack.  My Drupal Site login page is www.evolveproject.org/catpower  User Awareness is key to any secure organization. Teach users how to identify potential threats and how to respond quickly.  Avoid shared accounts. One account should only be used by one person.
  24. 24. You  Sites to protect yourself all the time (not free)  IdentiyGuard.com  LifeLock.com  Sites to monitor when breached data gets related (this is free)  Haveibeenpwned.com  Password Management Sites (like lastpass.com)  Don’t have the same password for all your sites.  Don’t write your passwords down on a post-it-note and leave it at your desk
  25. 25. Dual Factor Authentication  After logging in; verify login via Email, SMS, or an app with a code.
  26. 26. Credit Card Tools for Online Shopping  Check out Privacy.Com  https://privacy.com/join/473XB shameless plug
  27. 27. Contact Me!  Brian Pichman  Bpichman@evolveproject.org  Twitter: @bpichman

×