This post is the third in a four-part series where we explore challenges in mobile security faced by law firms today. Check out our last post on How to Prevent a Data Leak here.
So, the worst has happened: your firm is experiencing a data leak. Now what?
Well, you might have guessed that the short answer is this: stop it from getting worse.
In our last two posts of this series, we reviewed the anatomy of a data leak and how to prevent a data leak from taking place. When a data leak has happened, it means that your prevention methods have failed. It is time to shift focus in order to contain the leak, so that the breach does not expand.
#1: Assume the Device Has Been Compromised
For the purpose of this discussion, let’s say that a device has been lost. Therefore, you must assume that the device is compromised and any data that was on the device is also compromised. You can, and should, issue a remote wipe and device verification, but what you do next is very important in terms of preventing the leak from getting any bigger.
#2: Protect Your Servers
The key point here is that while the device had some data, your servers have much more. You should wipe the device, reset the user's accounts, and disable any VPN accounts belonging to this user whose settings could also be stored on the device. All of these should be reset and cancelled so that the device cannot be used as an attack vehicle or to retrieve additional data that is stored on your servers. Finally, check all logs to ensure that server data was not compromised.
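One way to carry out the log check, as an added example that is not part of the original post: it labels any activity by the lost device or its user after the device was reported lost, and separately after the accounts were reset. The log layout, the names `jdoe` and `PHONE-7731`, and both timestamps are constructed for illustration.

```python
from datetime import datetime
# Constructed sample log; the six-field layout is an assumption for this example.
SAMPLE_LOG = """\
2024-03-04T08:12:00 jdoe PHONE-7731 vpn login success
2024-03-04T21:05:00 jdoe PHONE-7731 vpn login success
2024-03-04T21:09:00 jdoe PHONE-7731 fileserver read success
2024-03-04T22:30:00 asmith LAPTOP-0142 vpn login success
2024-03-04T23:10:00 jdoe TABLET-0001 mail login success
2024-03-05T09:20:00 jdoe PHONE-7731 vpn login failure
2024-03-05T09:45:00 jdoe LAPTOP-0990 vpn login success
this line is malformed
"""
FIELDS = ("ts", "user", "device", "service", "action", "result")
LOST_AT = datetime(2024, 3, 4, 18, 0)   # constructed: when the device was reported lost
RESET_AT = datetime(2024, 3, 5, 9, 0)   # constructed: when accounts and VPN were reset

def parse(line):
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None               # line does not match the assumed layout
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return dict(zip(FIELDS, [ts] + parts[1:]))

def review(log_text, user, device, lost_at, reset_at):
    """Label log lines tied to the lost device or its user after the loss."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            skipped += 1          # keep a count so unparsed lines get read by hand
            continue
        if rec["ts"] < lost_at:
            continue
        ok = rec["result"] == "success"
        after_reset = rec["ts"] >= reset_at
        label = None
        if rec["device"] == device:
            if after_reset:       # the reset should have locked this device out
                label = "containment-failed" if ok else "blocked-after-reset"
            elif ok:              # the device reached a server while it was missing
                label = "device-active-after-loss"
        elif rec["user"] == user and ok and not after_reset:
            label = "account-used-elsewhere-before-reset"
        if label:
            findings.append((label, line))
    return findings, skipped
```

Lines labelled `device-active-after-loss` that touch a file or mail service are the starting point for working out which data was exposed.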
#3: Determine Exactly Which Data Has Been Leaked
Containing a data leak does not mean erasing the data leak. Identify which data has been affected and create a plan to notify clients.
Remember, the leak has already happened and it does not end until you notify your clients! In our next post we’ll discuss more on the importance of notifying clients.
Do you have tips on containing a data leak? Share them in the comments section below.