
The First 5 Things to do After an Email Security Breach

November 6, 2015 | June 14th, 2017 | Blog

It’s one of the potential business disruptions that likely keeps you and your department up at night: the threat of an email security breach. And with good reason: In a typical year, businesses account for around 84 percent of all email security events, a problem that cost U.S. companies nearly $40 billion in 2013.

When you hear the news of the latest big email security breach, you likely find yourself wondering how your own organization would react. Sure, your department probably has a few protocols in place, but how can you personally help to minimize the damage? Here, we take a look at five key steps you need to take after an email security breach:

1. Fix the problem.

First things first: Fix the data leak and determine which servers were impacted. Collect read-only disk images of each affected server and then store them securely. They may be necessary if legal action emerges from this data breach.

Best practices include isolating your network during this phase of the recovery. Any server, computer and other device that contains the most important data should be taken offline as you fix the core problem. This will help to stop any additional data loss.

Before bringing everything back online, be sure to update your credentials for key online accounts and servers to ensure a fresh start. Then, test the security fix—and retest to make sure the original flaw is fully patched.
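One way to back up the "read-only images, stored securely" step with evidence you can show later is to record a hash of each image at collection time and re-check it on demand. The sketch below is an added example, not Sendio's code; the file names and collector value are constructed placeholders, and it assumes the images were already produced by an imaging tool and that the manifest is kept somewhere separate from the images.

```python
import hashlib, json, os, stat, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk_size=1024 * 1024):
    """Hash a file in chunks so multi-gigabyte images never load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def seal_images(image_paths, manifest_path, collector):
    """Mark each image read-only and record its size and SHA-256 in a manifest."""
    entries = []
    for path in image_paths:
        os.chmod(path, stat.S_IRUSR | stat.S_IRGRP)  # drop all write bits
        entries.append({"file": os.path.basename(path),
                        "size": os.path.getsize(path),
                        "sha256": sha256_file(path)})
    manifest = {"collected_utc": datetime.now(timezone.utc).isoformat(),
                "collector": collector, "images": entries}
    with open(manifest_path, "w") as fh:
        json.dump(manifest, fh, indent=2)
    return manifest

def verify_images(image_dir, manifest_path):
    """Return (file, problem) pairs for images that are missing or altered."""
    with open(manifest_path) as fh:
        manifest = json.load(fh)
    problems = []
    for entry in manifest["images"]:
        path = os.path.join(image_dir, entry["file"])
        if not os.path.exists(path):
            problems.append((entry["file"], "missing"))
        elif sha256_file(path) != entry["sha256"]:
            problems.append((entry["file"], "hash mismatch"))
    return problems

def demo():
    """Constructed sample: two tiny stand-in 'images' in a temporary directory."""
    with tempfile.TemporaryDirectory() as workdir:
        paths = []
        for name, data in (("mail01.img", b"A" * 4096), ("mail02.img", b"B" * 4096)):
            paths.append(os.path.join(workdir, name))
            with open(paths[-1], "wb") as fh:
                fh.write(data)
        manifest_path = os.path.join(workdir, "manifest.json")
        seal_images(paths, manifest_path, collector="analyst (placeholder)")
        return verify_images(workdir, manifest_path)

if __name__ == "__main__":
    print(demo())  # an empty list means every image still matches its recorded hash
```

Run `verify_images` again whenever the images change hands or are restored from storage; any non-empty result means the copy can no longer be shown to match what was collected.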

2. Understand the root of the issue.

Do some digging and find out where the breach originated. Was it a network vulnerability, a user mistake or some combination of factors? In larger, more complex enterprises, you might employ forensics software to determine the cause of a breach.

3. Evaluate your losses.

Carefully comb through the affected servers to determine what data may have been swiped. During this stage, you might partner with a third-party provider that specializes in data breaches and gap analysis, if the losses are significant. Depending on the nature of the stolen information, your company may decide to take legal action at this point.

4. Contact all involved parties.

Now that the problem has been resolved, contact the local authorities, your internal legal department and any outside legal experts that you want to get involved. Your public relations department should also be looped in to begin reputation damage control.

Be sure that someone in your organization has researched local data breach notification laws. In certain areas and industries, requirements dictate when and how data breaches should be reported.

5. Learn from the experience.

As an IT expert, you can help see that your company as a whole learns from the email security breach. Hopefully, you’ll now have the support you need to take the necessary steps to ensure it will never happen again—whether that means better training individual users, strengthening your email security, better safeguarding your servers or some combination of steps.

Ideally, you’ll avoid all of this mess by preventing the data security breach in the first place. If you’re staying up nights wondering when your company might fall victim to a security breach, you might reconsider your company’s approach to email security altogether.

Sendio’s Opt-Inbox and Email Security Gateway both work to stop spam and other email-borne threats from reaching your users. Using layers of technical controls, Sendio’s email security solutions lessen the chances of a security breach throughout your entire organization.