If you suspect a data breach, we will help you determine what has happened and the extent of the damage as well as assist you in recovery. The hours following a security incident are critical, and correct measures must be taken to ensure that the breach can be properly investigated. It is important to act consistently and with great care.
If you suspect a data breach:
1. Do not panic.
Start keeping record of your actions. This ensures that in later stage you can differentiate your actions from the perpetrator’s actions.
2. Do not shut down potentially compromised computers, but stop using them.
3. If necessary (cryptomalware, active data leakage or similar cases), disconnect potentially compromised computers from the network, or isolate them from rest of the environment using firewall.
Before disconnecting systems from network make sure what effects there might be. Damages from uncontrolled shutdown might be more severe than damages from the original compromise.
4. Collect all background information about the incident and potentially compromised computers:
- What happened, where and when?
- What is the role of the computers?
- Who owns the computers and can make decision regarding them (i.e. shut down a service)
5. Contact your organization’s information security team or call DNV Cyber directly +358 40 821 6432.
If you are Nixu CSIRT customer, please use your organization's dedicated number.