A data breach? These are the actions you should take
You recently discovered that data about yourself or your company can be found online. In concrete terms, this may concern passwords, sensitive data or personal contact details. Much of this information is bundled and available on the so-called Dark Web or on obscure forums. What should you do now?
 
We help you on your way with some tips, but also make some important comments. The reality is that once your data is captured, it is extremely challenging to get it completely off the internet or to “hide” it. You can’t just file a complaint or call a support service for help. Read through our best practices to learn how to prevent this and which actions you should take. Spoiler alert: changing passwords and setting up MFA is the core idea.
 

In brief

You and your company must take immediate action. Waiting an hour or a day can have dire consequences. These actions aim to minimize or correct the risks and avoid potential damage. You will need to identify where things went wrong, understand why, and learn from it. Adopting a proactive and preventive security policy is crucial and a logical end goal. We now go over all the steps and some best practices to give you and your company peace of mind for the future.
 
Step 1: Sound the alarm
  • Warn all employees, regardless of position. Explain to them that valuable data is publicly available and educate them about the consequences.
  • Go over the individual violations per user. Where did it go wrong and with whom? What are the risks? Discuss them with colleagues.
  • Agree on clear rules regarding passwords and/or update the existing rules. Review these and communicate them clearly.

 

Step 2: Change the passwords
  • Don’t forget to change old and “leaked” passwords immediately.
  • Is a password more than 6 months old? Change it.
  • Set up a recurring action for everyone to change the password at set times.
  • Go through all best practices.

 

The best practices

Implement Multi-Factor Authentication

Passwords protect you, but what if your password has been leaked? Then you don’t have to worry if you have MFA! A second layer of security that ensures that only you can log in provides complete protection. It virtually eliminates all threats and risks associated with a hacked password.

 

Single Sign On (SSO) and a Password Manager

The combination of SSO and a Password Manager ensures that everyone in the enterprise can easily work in a security-first environment. It simplifies password handling and the associated security management, and eliminates the frustration around them.

 

Education and Awareness training

Users will always be the weak link within a company when we talk about security. This is often due to a lack of interest or a lack of knowledge of the most common risks and threats. Solve this problem by sharing best practices in a bite-sized manner and providing training that gets the knowledge across easily.

 

Do an assessment of your environment and yourself

Every few months, take some time to take a critical look at your online presence and passwords. Take action where necessary, set up MFA and evaluate whether you have enough different layers of security. Do the same within your company, but go one step further: take a technical look at your environment. Just like maintenance on your car, it is best to do this within the company every year.

 

Backup, backup, backup

What you have in duplicate is harder to lose. What you have in triplicate is even harder to lose. Then imagine how challenging it must be when you have something four times over. So, logically, make sure that you have backups of your data at multiple locations. Build a data protection strategy with your technical partner and make sure you are safe in the event of an attack or breach.
