So your business has been compromised by a cyber-attack, now what?
“Cyber-attack” is such a broad term these days; it can be anything from a virus switching off your entire system to a hacker threatening to steal and release confidential information if you don’t pay a large ransom.
The outcome of a cyber-attack also varies – potential lawsuits and fines from privacy breaches, loss of critical files or information, and financial loss due to fraud or theft.
The 6 Step Cyber-Attack Response Plan
1. Identify The Compromised Data or Breach
This is an obvious step, but cyber breaches often occur without you even noticing – sometimes the intrusion sits in your system for months before an actual attack occurs. Identifying the breach can be as simple as:
- Training your staff to recognise a breach when it happens.
- Implementing effective breach prevention software.
No matter how this is done, it must be done quickly, so you can respond right away. Once you’ve realised that a breach has occurred, identify what happened and proceed to the next step.
2. Contact Your Cyber Insurance Response Team
Purchasing a Cyber Insurance policy is a must for every business. In the case of a cyber-attack, you can immediately reach your insurer’s response team through their 24/7 emergency hotline. This puts you in touch with experts who can resolve your problem effectively, and their services will be charged to the policy you have purchased if the claim goes through.
3. Contain The Damage and Assess The Impact
This step is normally handled by the incident response team or your internal/external IT team.
There will be certain steps the IT team will take to restore your system’s security and resolve the breach, which may include:
- Transferring important files to a secure location.
- Removing access to internal systems or changing passwords.
- Blocking traffic to your website.
- Implementing temporary firewalls.
- Taking parts of your system, or your entire system, offline.
- Digging into the cause and effect of the cyber event.
This is a complicated process, which is why contacting the right support is important. Make sure to reach out to trusted partners who can fix the situation and not make it worse.
4. Recover Data & Systems
Once you have contained and eliminated the breach, you can begin the process of recovering your IT networks, systems, and data so you can continue with your business operations. Having a Business Continuity or Disaster Recovery plan will come in handy in this situation. Your recovery plan should include the following:
- A plan to restore systems to normal operation.
- A process of continual monitoring to confirm that the affected systems are functioning normally.
- A plan (if applicable) to remediate vulnerabilities to prevent similar incidents.
5. Communication & Notification
This step relies heavily on timing – it is important to hold off on some communication (i.e. with clients, service providers, or those affected by the breach) until you have identified exactly what happened and the scope of the damages. In addition, you may also have specific notification requirements with associated timelines. Make sure you are aware of these in advance: missing deadlines and getting hit with fines and penalties is not a good move at this stage.
Communicating with Clients & Service Providers:
This depends on the impact of the incident – sometimes the event doesn’t need communication with these parties, in which case it is usually best practice to skip this step.
If you are going to communicate with these parties, we recommend you wait until you have enough information to pass on, to help avoid misunderstandings.
Depending on the size of the cyber event and your business, it may be worth appointing a public relations firm to assist with the communication step.
Communicating with Regulators:
Certain rules & regulations around mandatory notification of privacy breaches may apply to your company. It is important to know, before any breach occurs, when you must notify, as failing to notify within a specified time period could result in fines & penalties.
6. Evaluation & Improvement
Improve your cyber security measures by using the information mentioned in the previous steps. Not only will this strengthen your defence against future cyber-attacks, but it will help your case with insurers when it is time to renew your policy.
Out of all these 6 steps, what is most important is the ability of the Business Owner to make sound judgements during a time of crisis. If you are an entrepreneur and still don’t think that this can be a real thing, you should check out our article on Why don’t more entrepreneurs have a disaster recovery plan.