Hacking Rescue Policy



Introduction

Hacking rescue policy document describes step-by-step guide to contain and stop the attack for HubBroker ApS iPaaS Platform.

STEP 1: CONFIRM THE ATTACK 

We will check and confirm that our systems or servers have been breached. Once we’ve confirmed the attack we will choose either to perform a forensic assessment or an incident response engagement.

STEP 2: INFORM CUSTOMERS 

Once an attack has been confirming we will contact the customer within 12 hours and notify about the situation according to what we know. This will be done form our support ticket notification system. Later we will provide a report that will elaborate on details regarding the attack.

STEP 3: CONTAIN THE ATTACK

When investigating security breaches, valuable “volatile data” is lost when servers are shut down, including server memory contents and existing network connections. To limit the damage, we may need to take disruptive and costly steps, such as removing infected sources and shutting down our servers. This also includes considering reformatting hacked servers and restoring data from clean backups. Our updated daily backups will be critical in this step. We will also in this step secure our accounts by setting new, complex passwords that will be harder to crack. Allocate quite a few days to this activity. 

STEP 4: UNDERSTAND & INVESTIGATE THE ATTACK 

We will once the attack has been contained start deep diving and understand the attack. We will find out how far the hacker gained access to our systems and where on the servers and what was breached, stolen or damaged. It is critical to find out if the hackers can still access our systems.

STEP 5: MORE INFORMATION ON THE ATTACK 

We will be open on the situation and we will communicate with affected employees, customers, and partners about what happened in detail, what we're doing about the problem and what they need to do. The report will be communicated to customers. This is crucial for HubBroker to maintain trust in operation. 

STEP 6: REMEDIATION 

We will develop an action plan for increasing our IT security – this includes identify and repel future attacks. Integration to risky web applications or web services may be disabled if no Firewall in front of them to protect against web-based attacks is implemented.


Category: Security Policy
Last date of update: 24.09.2018

How did we do?