Data Restoration After a Breach: What You Need to Do

In today’s digitally dependent world, where business is conducted at the click of a button and people connect with each other more easily than ever, there are built-in risks associated with constantly updated technology, such as data breaches that can completely sideline a company.

This spring, a data breach of Capital One resulted in a hacker gaining access to personal information related to credit card applications from 2005 to 2019 for consumers, small businesses, and applicants. The financial institution detected the breach on July 19 and found exposure of personal data such as names, addresses, dates of birth, credit scores, transaction data, Social Security numbers, and bank account numbers.

When a system has been compromised, the operating system volume must be completely reformatted and a new operating system needs to be installed. Any applications running on compromised systems also need to be reinstalled to restore the integrity of the system. But even with this, it’s nearly impossible to guarantee that the new system is safe from another attack.

Another option is to manually rebuild an operating system, but this can cost a financial institution valuable time as well as earning potential.

Next Steps

After a restoration plan is set, IT professionals at a company need to determine the scope of the attack. Forensic analysis is based around a full-scale review of a myriad of audit logs. While this is tedious work, it can be used to retrace an attacker’s actions, which allows the company to establish which systems were impacted.

Knowing how the attack was executed will help to prevent more attacks down the road. Any affected systems should be investigated for signs of further compromise because the attacker(s) may have left other malware behind on the system, which leaves digital footprints.
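As an added illustration of the log review described above (example code, not part of the original article), the Python sketch below walks constructed login audit records in time order, starting from one known attacker address, and marks every host reached from an already-suspect source as impacted. The record format, host names, addresses and the function name `scope_compromise` are assumptions made for the example.

```python
import csv
import io
from datetime import datetime

# Constructed sample: normalized login audit records collected from several hosts.
# Columns: timestamp, destination host, source IP, account, result.
SAMPLE_LOG = """\
2024-01-15T01:10:00,web01,203.0.113.50,deploy,FAIL
2024-01-15T01:10:07,web01,203.0.113.50,deploy,OK
2024-01-15T01:40:00,db01,10.0.0.11,svc_backup,OK
2024-01-15T00:30:00,app02,10.0.0.11,deploy,OK
2024-01-15T02:05:00,files01,10.0.0.21,svc_backup,OK
2024-01-15T02:30:00,hr01,10.0.0.40,alice,OK
"""

# Constructed inventory: the address each internal host logs in from.
HOST_IPS = {"web01": "10.0.0.11", "app02": "10.0.0.12", "db01": "10.0.0.21",
            "files01": "10.0.0.31", "hr01": "10.0.0.41"}


def scope_compromise(log_text, host_ips, seed_ips):
    """Return ({host: first suspicious login time}, {accounts used})."""
    rows = [r for r in csv.reader(io.StringIO(log_text)) if r]
    # Records from different hosts arrive out of order, so sort by time first.
    events = sorted((datetime.fromisoformat(ts), host, src, user, result)
                    for ts, host, src, user, result in rows)
    tainted_ips = set(seed_ips)   # sources currently treated as attacker-controlled
    impacted = {}                 # insertion order = order of compromise
    accounts = set()
    for when, host, src, user, result in events:
        if result != "OK" or src not in tainted_ips:
            continue              # failed login, or source not (yet) suspect
        accounts.add(user)
        if host not in impacted:
            impacted[host] = when
            # From this moment the host itself may be used as a stepping stone.
            if host in host_ips:
                tainted_ips.add(host_ips[host])
    return impacted, accounts


if __name__ == "__main__":
    hosts, accounts = scope_compromise(SAMPLE_LOG, HOST_IPS, {"203.0.113.50"})
    for host, when in hosts.items():
        print(f"{when.isoformat()}  {host}")
    print("accounts to reset:", ", ".join(sorted(accounts)))
```

Logs stored on a compromised host may have been altered, so a review like this is more reliable when it runs on copies that were collected centrally before the breach.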

During an investigation of the breach, you should be able to determine which systems were affected and what data was put at risk. From there, notifications should be sent out to any and all parties that may have been affected by the breach. Notification laws can vary from state to state. For this reason, the window of time that a business has to notify its customers, vendors, and others may be different. In general, the faster, the better.

Authorities should also be notified as soon as possible so they can lend some help during the investigation.

Restoring Data

When it comes to restoring data and assets that were compromised, you have a number of options, depending on how you’ve prepared for the security breach. In most cases, it may be possible to wipe or replace the data storage drives of the IT assets and re-download any lost data.

In some cases, it may be possible to activate cloud-based replicas of a network environment to restore a business’s network to normal while an investigation is underway. How you restore the assets on your network will completely depend on the business continuity and disaster recovery plan that is in place.

Cyber Liability Insurance

A company, especially a financial institution, should be running every day with some form of first-party coverage. This kind of coverage can help cover the costs to recover lost data, notify those affected by a breach, and provide identity theft protection. This coverage is full-scale and also offers credit monitoring as well as help with fixing vulnerabilities in a system.

This kind of protection can be complex to understand, so it’s important to work with professionals, such as those at FGIB, when it comes to getting the right coverage for your business and your clients.

About Financial Guaranty Insurance Brokers

Since 1983, Financial Guaranty Insurance Brokers has distinguished itself as a provider of Professional Liability, Cyber Liability, and Crime insurance products for entities of all types. To receive timely, personalized service from a knowledgeable and experienced staff, call us today at (626) 793-3330 to speak with one of our professionals.