I’ve Been Hacked, What Do I Do Now?
61% of all data breaches this year occurred in businesses with fewer than 1,000 employees
source: Verizon 'Data Breach Investigations Report 2018'
There have been many high-profile data breaches over recent years. The reality is that any business could fall victim to hacking without the right preventative measures.
Any business owner knows the damage that can be caused by hacking. This extends beyond the theft of funds and potentially business-critical data. A cyber-attack can have a costly impact to a business’s reputation amongst customers and stakeholders.
This guide will help you form a sure-fire plan of action against a data breach. It will also provide cast-iron cybersecurity tips to lower the risk of it happening again.
Lock Down Your Systems Until You Can Figure Out What Happened
There’s a reason why taking action against hacking is often referred to in IT as ‘firefighting’. The most important thing is to contain the threat - or ‘fire’ - and stop it from spreading. Turn everything off, and this will give you the breathing space to start forming your next steps.
The only problem with this is the period of downtime it would bring to your business activities.
That’s why some companies make use of a Disaster Recovery Suite. This contains the required facilities for you to maintain business-critical operations following a cyber-attack.
Inform the Right People
This is a prospect that no business owner relishes - telling people who have trusted your company with their data that your security has been compromised. However, you absolutely cannot fail to report a cybersecurity attack. If it is uncovered further down the line the results could be catastrophic. Yahoo faced a slew of lawsuits in 2016, when it took two years to report the theft of data from nearly 500 million personal accounts.
The best thing you can do in the event of a cyberattack is remain transparent. Omitting any important information could compromise the trust of your entire customer network.
Scrutinise Your System for Any Vulnerabilities
Once you’ve put the fire out, you can begin your investigation. When did your company last have a cybersecurity audit? Over time software such as firewalls can become less efficient. Outdated systems will leave your company more vulnerable to hackers.
It would also be wise to review company passwords. These are the first line of defence against hackers. Therefore it’s surprising how many companies don’t regulate password complexity.
Human error lies at the heart of many cybersecurity attacks. Phishing emails are a prime example of this. Hackers are operating with increasing subtlety. As scams get discovered the tactics become more advanced. Are you unsure on how to detect phishing, or other forms of malicious emails? We recommend you take a look at our blog ‘Could You Spot These Email Scams?’
What about Next Time?
Once you recover from the damage caused by hacking, the most important thing to do it ensure it does not happen again. If the first instance was a setback, the second time could be a disaster. Here are some simple but effective cybersecurity measures you can put in place today.
Create an Incident Response Plan
More often than not, the damage caused by hacking is often exacerbated by the lack of a response plan. Not knowing what steps to take means time, and therefore money, is wasted. An incident response plan should outline how to recover any stolen data and how to stop the threat from spreading. It should also outline who in your company handles the incident.
Implement Cybersecurity Training
Personal responsibility for protecting against hackers should become part of your company culture. Do you expect your employees to fend off hackers without cybersecurity training? With the increasingly nuanced methods hackers use, common sense can only go so far. Quality training will minimise the margin for human error.
Strengthen Your Passwords and Log-In Processes
To minimise the risk of a cyber-attack, make complex passwords mandatory across your organisation. Your password policy should prompt employees to use special characters, numbers and a mix of upper and lower-case letters. It should also specify the need to update passwords regularly.
It is also advisable to use two-factor authentication, for if anyone's log-in details become compromised. Two-factor authentication confirms that passwords are being used by the right individual. This takes many forms, ranging from security questions to sending a SMS code to a separate device. It will never hurt to have an extra line of defence against hackers.
Are you concerned about cybersecurity within your business? At Netmatters, we work closely with clients to protect them against hackers. We can carry out a comprehensive audit to identify any vulnerabilities in your network. We also conduct regular reviews, to remain vigilant against new threats and hacking techniques. If you are interested in an expert, bespoke cybersecurity strategy, contact us via the form below or ring us on 01603 515007 today.