I’m Getting Hacked Where? Your Data Breach Response Checklist

Jeremiah Grossman, our Chief of Security and Strategy here at SentinelOne, has a great piece of advice to increase your security immediately.

Know What You’re Protecting.

Grossman says, “When a company gets hacked, it’s largely because there’s a computer, a box, a website that they didn’t know they owned.”

For small businesses this may be a wakeup call that is easy to remedy. If you only have a handful of IT assets, it shouldn’t take long to complete an audit. But for large enterprises, the undertaking would require outsourcing a consulting firm. Either way, companies need to know what they own, where they own it, and what the possible vulnerabilities could be. Doing this will help businesses reduce blind spots that can lead to data breaches, hacks, and other attacks.

Whether your company has already experienced a data breach or you just want to prepare, we’ve compiled a data breach response checklist that will ensure you know what you’re protecting.

Data Breach Response Checklist: Asset Management

If you’ve experienced a data breach, you’ll, of course, want to find the source, fix the issue, and execute your data breach response plan if you have one in place. But what about taking a closer examination of your assets?

  • Consider a desktop inventory management tool that catalogs devices on the network, documents the physical configuration and the software installed on each machine. With a complete inventory, it will be easy to manage software patches and updates that become security weaknesses if not kept up-to-date. That leads us to… 
  • Complete any patches and updates in a timely manner.Data Breach Response Checklist
  • If completing a manual inventory, set a schedule, whether it’s monthly or another timeframe that best fits with your business.
  • Assess ports on desktop firewalls, old anti-malware tools, and poor authentication measures.
  • Develop hypotheses after an inventory is conducted to pinpoint where data breaches have occurred or could possibly occur.
  • Conduct interviews with employees, customers, vendors, or any involved parties to help identify weaknesses and the source of the breach.
  • Investigate network access and determine if it has been, or could be compromised. If a compromise has been made, take measures to stop the attack and prevent further data loss.
  • Use single sign-on whenever possible to reduce the possibility of human error and leaked passwords.
  • Determine if passwords need to be reset or if accounts need to be locked out.
  • Conduct an access privileges review to include onsite and remote employees, vendors, contractors, and former employees.
  • Create a list of contractors and vendors that use endpoints connected to your network.
  • Update employee training on how to safely use their hardware and software.
  • Implement monitoring on all endpoints with next-generation endpoint protection.
  • Maintain detailed documentation of all steps taken.

You Know What’s On Your Network…Now What?

You’ve gone through our data breach response checklist and you are prepared to advance your asset management. But now what?

Knowing and keeping track of what connects to your network is imperative to your security, but it only steps one. With the increase in the frequency of major data breaches perpetrated by highly advanced cyber attacks, it’s essential to implement next-generation endpoint security for complete protection.

With SentinelOne’s sophisticated machine learning and intelligent automation across a single platform, you’ll be well positioned in protecting against data breaches and other threats. To learn more about how to keep your assets safe, read our white paper Learn How SentinelOne Makes Real-Time, Unified Endpoint Protection a Reality.