Sometimes, you can have all the protections in place to protect you against a cyber attack and they still get through.
Ideally, you would have a plan in place to deal with breaches but if you don’t, these are the steps you should follow.
Identify and contain the breach
Your approach may differ depending on the type of breach but first you must identify which servers, computers and systems have been compromised.
Rather than disconnecting completely, try and isolate the compromised part of your network to identify the source. Going offline will likely notify the hackers that you are aware of them.
You should however, immediately change your passwords and install any pending security updates.
Know when you need a professional
Sometimes, you just don’t have the experience needed within your business to deal with a cyber threat, so although you may not ever outsource your IT, it is always best to find a company you would trust to help you through a cyberattack if the occasion calls for it.
Don’t wait to bring them in, they have the experience to navigate a breach and are fresh perspective to help you identify the access point and remedy it.
Restore your systems
Once you are confident the breach has been dealt with, you need to identify when it occurred and check that your back-ups were not compromised. Once you have done that, you can restore your systems to the last back-up done before the breach occurred; you will obviously lose some data but depending on how often your back-ups are done and when the breach occurred, will depend on how much data you lose.
Send out a notification of the breach
Unfortunately, you can’t pretend the breach didn’t happen as it won’t be just your business that was affected.
You need to identify and notify those affected by the breach; employees, customers or any third-party suppliers. You need to be as open and transparent to those involved and tell them what steps are being taken to fix the issue and what measures you are putting in place to prevent any further breaches.
You’ll also need to notify any relevant regulators as per your legal obligation. Ensure that you have given them all the evidence they need.
Investigation
It’s a good idea once the breach has been closed to attempt to identify how it happened in the first place. If it was an employee, was it intentional or not? Do they need further training? Was it an unknown device that was connected to the network? Is there a weakness in your network? Was it a system that needed updated?
Once you have investigated, you can attempt to put in measures to ensure a breach doesn’t happen again via that problem.
PR Damage Control
Most businesses that deal with general consumers will be subjected more to negativity on social media and press than those in the B2B market, however, it makes good business sense to ensure you are aware of any implications to your reputation. That means notifying customers as quickly as possible and putting announcements out on social media to showcase transparency. You’ll also want to keep a close eye out on social media, not only for any negative responses but also, those who may e using that platform as a preferred contact point for more information.
Not only is a good PR strategy there to help manage your reputation but in this case, it could protect you from any legalities as customers are less likely to take action if they feel you have taken the breach seriously and are trying to correct the action.
Vigilance and Review
Even after a cyber attack has been dealt with, you need to remain vigilant in case another attempt is made. If you don’t have a Cyber Incident Response plan in place, ensure you do now. Then review that plan to ensure you have policies and procedures in place for all new and existing technologies that your business uses.