In 2014, the media caught wind of several serious data breaches affecting large organizations. One attack affected as many as 70 million Americans. Not only was financial data compromised, including credit card numbers, expiration dates and CVV codes, but personal information like phone numbers and email addresses was also leaked.
It's a common misconception that only large corporations fall victim to hackers because we so often see these types of security breaches on the news. Small and medium-sized businesses should consider data breaches a serious threat, especially if they're not investing in IT security and antivirus software.
Why do Internet criminals favor small and medium-sized businesses? One reason is that many are suppliers and partners of large corporate entities, offering a convenient pathway into those partners' networks.
Another reason SMBs become targets for hackers is their lack of protection. Approximately 65% of small businesses say they can't do enough to protect their data.
While taking the proper precautions can help protect your business, being hacked is an ongoing risk. So, how can your business recover following a hacking incident?
1) Has an attack occurred?
Identifying whether a hacking attack has occurred is incredibly challenging for most businesses. It's not uncommon for some companies to take more than a year to discover data breaches.
How can you detect a problem right away? Know the warning signs.
- Slow running machines or systems
- Increased device crashes
- Strange network usage patterns
- Unusually large transfers of data to unknown destinations
- Visits from unfamiliar IP addresses
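Two of these warning signs, large transfers to unknown destinations and visits from unfamiliar IP addresses, can be checked mechanically against network flow logs rather than waited on. The script below is an added example and is not code from the original post or from Trend Micro; the flow-log format, the address ranges, the "known destination" and "known partner" lists, and the 500 MiB threshold are all constructed assumptions that a real deployment would replace with its own values.

```python
"""Flag two warning signs from flow logs: large outbound transfers to
unknown destinations, and inbound connections from unfamiliar sources.

Added example, not from the original post. Log format, addresses and the
threshold below are constructed for illustration.
"""
import ipaddress
from collections import defaultdict

# Assumed: internal address ranges (RFC 1918).
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed: external destinations the business normally sends data to (e.g. a backup provider).
KNOWN_DESTINATIONS = {ipaddress.ip_network("198.51.100.0/24")}
# Assumed: external sources expected to connect inbound (e.g. a partner VPN range).
KNOWN_REMOTE_SOURCES = {ipaddress.ip_network("203.0.113.0/24")}
# Assumed threshold: total bytes from one host to one unknown destination.
LARGE_TRANSFER_BYTES = 500 * 1024 * 1024  # 500 MiB

# Constructed flow records: "<timestamp> <src_ip> <dst_ip> <bytes>".
SAMPLE_FLOWS = """\
2014-03-01T02:14:00Z 10.0.0.15 198.51.100.8 120000000
2014-03-01T02:15:00Z 10.0.0.15 203.0.113.250 1024
2014-03-01T02:16:00Z 10.0.0.22 192.0.2.77 300000000
2014-03-01T02:17:00Z 10.0.0.22 192.0.2.77 350000000
2014-03-01T02:18:00Z 203.0.113.9 10.0.0.5 2048
2014-03-01T02:19:00Z 192.0.2.200 10.0.0.5 4096
"""


def parse_flows(text):
    """Parse whitespace-separated flow lines into (ts, src, dst, bytes) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        flows.append((ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(nbytes)))
    return flows


def in_any(addr, networks):
    return any(addr in net for net in networks)


def large_transfers_to_unknown(flows, threshold=LARGE_TRANSFER_BYTES):
    """Sum outbound bytes per (internal host, external destination) and return
    the pairs that exceed the threshold to a destination not on the known list."""
    totals = defaultdict(int)
    for _, src, dst, nbytes in flows:
        if in_any(src, INTERNAL) and not in_any(dst, INTERNAL):
            totals[(str(src), str(dst))] += nbytes
    return sorted(
        (src, dst, total)
        for (src, dst), total in totals.items()
        if total > threshold and not in_any(ipaddress.ip_address(dst), KNOWN_DESTINATIONS)
    )


def unfamiliar_sources(flows):
    """Return external addresses that connected inbound to an internal host
    and are not in the known remote source ranges."""
    seen = set()
    for _, src, dst, _ in flows:
        if in_any(dst, INTERNAL) and not in_any(src, INTERNAL) and not in_any(src, KNOWN_REMOTE_SOURCES):
            seen.add(str(src))
    return sorted(seen)


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for src, dst, total in large_transfers_to_unknown(flows):
        print(f"LARGE TRANSFER: {src} -> {dst}, {total} bytes to an unknown destination")
    for src in unfamiliar_sources(flows):
        print(f"UNFAMILIAR SOURCE: {src} connected to an internal host")
```

On the constructed sample this reports host 10.0.0.22 sending 650,000,000 bytes to 192.0.2.77 (two flows summed, destination not on the known list) and an inbound connection from 192.0.2.200; the backup traffic to 198.51.100.8 and the partner connection from 203.0.113.9 are ignored. In practice the known-destination and known-source lists are the part that needs care: keeping them current is what turns "strange network usage" from a feeling into an alert.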
2) What is the scope of the compromise?
How many systems or machines are affected? This is a job for a cyber-security expert.
You don't want to risk increasing the reach and scope of the breach and spreading the problem further. A data security expert can identify the type of attack the hacker is using, conduct a network and malware analysis, and figure out which systems and data files have been compromised. So, now is a good time to call in the professionals.
3) How do we contain the attack?
Contrary to your intuition, you shouldn't pull the plug as soon as a compromise is detected. Once you understand the breadth of the issue, it's important to contain the attack by taking all systems offline.
Waiting until a thorough investigation has been conducted to determine how to protect your system from future attacks is in your best interest.
4) How do we prevent future attacks?
After pulling all systems offline, it's crucial to install (or reinstall) antivirus software. Then, use what you've learned about the breach to fill in your security gaps.
Many breaches are a result of risky employee behavior, including:
- Visiting unsafe websites
- Opening up suspicious email
- Clicking unsecure
Firewalls and web filtering services are useful because they protect your employees from compromised websites that they might visit on work devices.
5) Should we communicate breaches?
The answer is always yes. Many companies get hacked, but it doesn't have to be catastrophic. Plan ahead and determine the best ways to communicate security situations with key stakeholders, customers, employees and partners.
You may also have a legal obligation to inform your consumers (depending on the type of data that was compromised). Individual laws differ from state to state -- know your legal responsibilities in advance.
Even if you think a hack will never get out, honesty and transparency are always the best policies. In fact, communicating issues like this may actually build trust between your business and clients. Be sure to identify the scope as well as the efforts underway to prevent future attacks.
Written by JD Sherry. JD Sherry is Vice President of Technology and Solutions for Trend Micro. He is responsible for providing guidance and awareness regarding Trend Micro's entire security portfolio aimed at protecting both commercial and government cloud ecosystems.