Cyber Incident Response

DIGIGUARD can respond to and manage cybersecurity incidents for your business. We work to reduce further damage to your IT and data systems and help you recover as quickly as possible. Effective incident response for SMBs is vital to protect company assets and reputation. Our consultants bring remediation expertise and industry cyber threat knowledge to resolve all aspects of a cybersecurity breach. Here is our incident response process:

• Detect – Monitor potential attack areas for signs of a breach
• Analyze – Prioritize response to valuable data assets
• Contain – Halt spread and mitigate damage
• Eradicate – Remove the source of an attack
• Recover – Restore safe system function
• Review – Preserve evidence, update incident response plan

Cybersecurity Breach Detection and Analysis

DIGIGUARD will use a variety of methods to verify and identify threats. Current industry intelligence, technical knowledge and detection systems and tools will help to determine the nature and scope of the threat. Our team of experts will review indicators from various sources, including:

• Reports from users and staff
• Security product alerts
• File integrity software
• Malware program alerts
• Unusual log activity found during scheduled reviews

Cyber Threat Containment and Removal

Once the threat source has been identified, DIGIGUARD will work to contain the damage. Preventing further penetration of the threat may require disabling network access and quarantining infected computers, installing security patches, and relying on backups to maintain operations during the crisis. Additional measures, such as password changes and account blocking, may be performed at this time. Our team will back up affected systems to preserve computer forensic evidence of the incident. Additional service restoration steps are necessary to ensure the threat has been eradicated such as:

• Network validation and operational testing
• Recertification of compromised components as operational and secure
• Perform secondary monitoring
• Locking down or purging user accounts that enabled the breach
• Assign threat source as internal or external to determine additional steps

Cyber Incident Recovery

DIGIGUARD will help your SMB navigate the recovery phase of a cyber incident. Additional tasks are required to comply with laws, compliance regulations and cybersecurity protocol. Our consultants will customize and prioritize recovery items for your business. At the conclusion, we will compile an executive summary of the incident, a detailed technical analysis of the incident and copies of any forensic evidence for insurance claims or litigation. Here are some of the items we address in our summary:

• Notification – Privacy laws vary by state and have specific requirements for notification of data breach for sensitive, protected and confidential information. Notification templates are available so that affected parties may protect themselves.
• Security upgrade – Examine lessons learned from the incident to implement security upgrades, minimize vulnerabilities and monitor for threats.
• Training – Empower your employees to avoid phishing emails and other forms of insider threats and cyber-attacks with frequent and ongoing training.
• Cybersecurity policy development – Update your company policy to reflect new and safe procedures implemented in response to an incident.
• Cyber insurance – Review any cyber liability policies to implement coverage changes.
• Security response plan – Update your written plan to reflect updated and well-developed trigger responses. Identify security incident team members and third-party management services.

Contact DIGIGUARD for cyber incident response and management.