Managed Service Provider Approved Tips: What to Do if Your IT Security Has Been Breached

July 17, 2019

A security breach is the last thing any business owner would want to happen to their business, because that would put everything they worked for in jeopardy. It goes without saying that enterprises using IT solutions to some extent would make sure they pay attention to not just physical security, but IT security as well. Any managed service provider would, of course, do the same, since they’re responsible not just for their own IT systems but those of several other companies.

 

Even with all the precautions taken, though, there will be rare instances where an IT security breach does happen.

 

As scary as that sounds, there are steps you can take to ensure the breach doesn’t affect your operations as badly as it would have if you didn’t do anything to try and contain it. That said, here are a few tips that a managed service provider would give you to try and keep a security breach from worsening and affecting your business too much.

 

Check Individual Email Accounts

 

If you suspect the security breach originated from one person’s email account, one of the first things you need to do is have them log out. Then you can change their password, which they can then change later on for something they’d find easier to remember.

 

If necessary, check their mailboxes as well for any emails that have been forwarded or deleted—or both. That way, you’ll have a better idea of how bad the security breach was, and what other steps to take in light of that new information.

 

If you haven’t done so already, enable two-factor authentication—something a managed service provider would do for their own employees. A log-in process that requires two keys, such as a password and a security question, is harder to break into than just a simple login.

 

After you’ve done this, have that employee log back into their account using two-factor authentication to ensure that they can log in from their unit.

 

Check Individual Stations

 

Sometimes, a security breach may come from malware that found its way to a computer through a website or a file downloaded off of the web. If you suspect this is what happened, you’ll need to check user workstations to try and find the malware responsible.

 

If you haven’t already done so, install a next-level antivirus such as Sentinel One and then initiate the scan. Once the scan has finished, check the results so you can confirm whether the station is free from viruses and other malware. If needed, carry out any actions the antivirus recommends, such as deleting the affected file or program.

 

Run Checks at the Domain Level

 

It always pays to be cautious, so try running an e-mail system monitoring tool such as Liongard. The tool will gather data for about 24 hours or so, and will alert you if there’s anything suspicious in emails sent or received. This is helpful in learning whether or not other email accounts or other stations have been compromised.

 

Take Steps to Secure Other Accounts

 

If only one user has been affected so far, you’ll want to ensure that any other accounts they use are secured. For instance, a managed service provider could help with monitoring passwords, and then let you know if that user has been using the same password for all their accounts. If so, these will need to be reset.

 

For major accounts, like Google accounts or Apple accounts, it’s a good idea to enable two-factor authentication on top of resetting the password.  

 

Other Important Steps

 

It’s a good idea to have some best practices in place in case of a security breach. If, for instance, phishing emails had been sent from a client’s account as a result of the breach, email them to apologize, as well as assure them that you’re taking the necessary steps to keep the breach from getting worse. If you suspect data has been compromised, consult your attorney as well as your cyber security team - or your managed service provider if they’re the ones handling security.  

 

While there’s no way to completely guarantee your IT security is 100% foolproof, don’t get discouraged; it’s better to have some security than none at all. And if a security breach does happen, at least the above guidelines will help you keep things under control as much as possible.

 

Want to see our own checklist in the event of a security breach?

Take our free assessment

This one-of-a-kind digital analysis goes deep into diagnosing your actual status, strengths, opportunities and threats (did we mention its FREE?)