Cybercrime is a quickly growing issue for businesses. Whether an organization is a one-man band or heading up the Fortune 500, a cyber attack can have devastating effects. Here are some key pointers on how to maintain a calm and calculated response to a breach.
Breaches can be scary and unpredictable. However, your actions in the aftermath should be calm and calculated. If possible, plans should be drawn up ahead of time. A recent UK government report found that “Nearly half of all UK businesses have identified a breach or attack in the last 12 months.” In the face of an attack, the first moves a business makes can end up defining its reputation long into the future. Let’s look at five things that you need to do.
1. Assess the Situation
Discover the depth of the attack. Your security staff will scour the architecture that makes up your company’s networks. Afterwards, isolate the infected areas: although business continuity is a top priority, it’s important that the infection doesn’t spread. Incident data will need to be analyzed carefully to arrive at the correct diagnosis. Reach out to your lawyers. Chances are, some of your data will belong to other people or other companies. Establish that security protocols were followed and reasonable steps were taken to protect this data.
Following a breach, businesses often suffer a breakdown in internal communication, when really the opposite should be occurring. You may be dealing with the fact that an employee allowed access to malware via an email phishing attack, but you have no guarantee that another employee down the hall won’t do the exact same thing, causing further lateral damage. All employees should be alerted to halt further attempts.
In a 2016 survey conducted by CSO magazine and the CERT Division of the Software Engineering Institute of Carnegie Mellon University, it was found that insiders were responsible for 50 percent of incidents where private or sensitive information was unintentionally exposed. When it comes to cyber risk, education throughout an organization has proven to be a highly effective strategy, as it halts attacks that exploit human error alongside technical flaws.
3. Verify Backups
Prior to the breach, you should have secured clean backups of your data. After the breach, it’s vital that you verify your backups are good. Once you have figured out how the hacker made it past your defenses, and determined what they did while they were there, it’s time to begin the restoration process. Hard drive volumes should be reformatted, and operating systems and applications should be reinstalled. Only if you’re certain that your backups are completely secure should you consider restoring full backup images onto your computers.
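One way to carry out the backup check described above, as an added example that is not part of the original article. It assumes a manifest of SHA-256 hashes and backup times was recorded before the breach and kept offline, and that the investigation has estimated when the intrusion began; the function names, status labels, file names and dates are constructed for illustration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large backup images do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_backups(backup_dir, manifest, intrusion_start):
    """manifest maps file name -> (sha256 hex, time the backup was taken); it is
    assumed to have been recorded before the breach and stored offline."""
    results = {}
    for name, (expected, taken) in manifest.items():
        path = os.path.join(backup_dir, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
        elif sha256_file(path) != expected:
            results[name] = "ALTERED"          # changed since the manifest was written
        elif taken >= intrusion_start:
            results[name] = "POST_INTRUSION"   # intact, but may hold the attacker's changes
        else:
            results[name] = "VERIFIED"         # candidate for restore
    for name in os.listdir(backup_dir):
        results.setdefault(name, "UNLISTED")   # never recorded: do not restore
    return results

def demo():
    """Constructed sample data: four backups, then simulated damage."""
    taken = {f"db-{n:02}.bak": datetime(2024, 3, n, tzinfo=timezone.utc)
             for n in (1, 5, 9, 12)}
    with tempfile.TemporaryDirectory() as d:
        manifest = {}
        for name, when in taken.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"constructed backup " + name.encode())
            manifest[name] = (sha256_file(os.path.join(d, name)), when)
        with open(os.path.join(d, "db-05.bak"), "ab") as f:
            f.write(b"tampered")                          # modified after hashing
        os.remove(os.path.join(d, "db-09.bak"))           # deleted
        open(os.path.join(d, "extra.bak"), "wb").close()  # appeared later
        start = datetime(2024, 3, 10, tzinfo=timezone.utc)  # constructed estimate
        return verify_backups(d, manifest, start)

if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:15} {name}")
```

Only backups reported as VERIFIED match their recorded hash and predate the estimated start of the intrusion; every other status needs investigation before any restore.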
4. Release the Right Information
When you have restored basic security to your systems, and shut down any affected areas, it’s time to tell your customers. Many businesses have learned the hard way what happens if they try to hide anything from the hair trigger of the internet. Your brand’s image can be maintained as long as you report exactly what happened. Provide as much information as you can without opening yourself to further cyber risk. It’s key that you describe the actions you are taking right now and what you will do in the future to ensure that nothing like this happens again.
5. Call in Help
If you don’t have the staff or expertise in-house to fix and control the damage, then it is wise to call in third-party help such as a Managed Security Services provider. If you’re part of a larger company with a well-established and respected brand, this help might also come in the form of a talented PR crisis management firm in order to limit reputational damage.
Although there might never be a perfect response to a cyber attack, maintaining a clear focus on limiting damage as rapidly as possible, both to company assets and reputation, will ensure a business has the best chance of coming through the experience intact.