What you should do if your business is hacked!
It is something feared by all organisations: you have become the victim of a cyber-attack.
Despite our best efforts, cyber attacks are on the rise. It is now more a matter of when, not if, your business is targeted. Cyber attacks happen for a number of reasons, but research has shown that in 2018, 48% of data security breaches were caused by acts of malicious intent, with human error or system failure accounting for the rest.
Given the prevalence of security breaches, it is paramount to formulate a comprehensive plan of action in case you become a target. Poor responses can often exacerbate the damage done, so you must make sure you have a contingency plan. To help you prepare, we have gone through some of the do’s and don’ts when responding to a cyber attack.
Not panicking is one of the most important steps to take directly after suffering a security breach. Take a step back, keep a cool head and evaluate the situation. Panicking leads to actions which are rash, and these emotionally driven reactions often do more harm than good. You can make a full recovery from a cyber-attack. It doesn’t mean your business is over.
DO determine the damage
You’ve found out you have been hit and the initial shock has worn off. What’s next?
Determining the damage will enable you to decide how best to deal with the situation. While you may want to deal with the breach straight away so it is sorted as quickly as possible, this is not always beneficial. Diving straight in without determining the damage first will put you at risk of making the breach worse.
Assess the extent and seriousness of the breach and proceed from there. Who and what has been impacted? What is the context of the breach?
Collect as much information as possible – it will come in handy later.
Everyone wants the same result – for everything to be restored and as quickly as possible. Nevertheless, rushing is not the answer. Every fix needs to be carefully checked and checked again, even if it means taking a bit longer.
DO try to contain the breach
If the breach cannot be resolved initially, then contain it! This could include resetting passwords, installing patches, disabling network access or recalling/deleting information.
Containment will reduce the damage that could be caused. However, it is important not to do anything that would compromise any investigation.
DON’T keep it to yourself
While you may think you can control the breach, keeping it to yourself or on a need-to-know basis is not the right or most beneficial way to go about it. Not only should all employees be notified but all customers who may be affected should be told as well. Customers appreciate honesty. By informing them you will instil confidence and show you are in control of the situation.
When notifying those impacted, it is important to let everyone know what has been accessed and the nature of the hack, what is being done, the likely consequences and what plans you have to ensure no similar attacks happen in the future. It may be necessary to contact banks and credit card companies so that they can effectively help the victims and your business after the breach.
Furthermore, under the GDPR you must report any breach to the Information Commissioner’s Office (ICO) without undue delay (no longer than 72 hours). Failing to do this will see your business faced with a hefty fine. Remember when we said it would help to gather information? The more information you provide to the ICO, the less likely you are to receive a penalty for the breach.
The incident may have happened, but that doesn’t mean the risk of experiencing another has gone. Learn from the experience and the mistakes made, then use them to decide how you can prepare for the future if one were to occur again. Re-evaluate your response plan, use two-factor authentication and consider all of your network vulnerabilities.
It’s easy to jump right in when a security breach happens to try and rectify it without thought, even when you may not know exactly what has happened or how to deal with it. Mark Nunnikhoven from Trend Micro says “The first thing you should not do after a breach is create your response on the fly, a critical part of your incident response plan is preparation”.
Speak to your team, take a look at your response plan and discuss the best way to tackle it.
More importantly, it’s okay to admit you need help! Third-party expertise such as cyber security experts or investigators will be able to assist in the fallout of the situation. Additionally, it may be beneficial to seek legal advice, as many legal advisers have specialist experience in dealing with security breaches.
DO train your employees
History has shown that human error is the root cause of most security breaches. Once things have settled down, it is worth implementing some form of cyber security training for staff, to educate them on threats and on how to learn from the incident to prevent another happening in the future.
Security breaches have reached a new level of sophistication in recent years. Therefore, it is helpful for organisations to make preparations before a breach happens and ensure cyber security is taken seriously by all staff members. All security breaches are different, and their impact differs from one business to the next. Therefore, it’s important to remember there is no right or wrong way to handle one. Considering the do’s and don’ts for after a security breach will help the cyber security of your business as a whole.
Please contact Serval IT Systems if you would like assistance on improving the IT security in your business.