We’ve already discussed how cyber attacks are a serious threat to businesses and the best ways to stay safe from such attacks. If you have a small to mid-sized business, you may feel that you don’t need to worry about cyber security as much. However, this is not the case at all. According to industry statistics, almost two-thirds of all cyber attacks are now directed at small businesses. In the unfortunate event that your business is hit by a cyber attack, what do you do? We list down the five most important steps to take in such a scenario.
Step 1: Assemble a team and formulate a clear plan of action
The immediate effect of a cyber attack can be chaos and fear. Your immediate focus should be to have a clear, planned-out response. In such a high-pressure situation, it is important that you have a team in place that can execute the plan and take the right decisions to mitigate damage.
This team should ideally include representatives from all relevant areas, including IT, HR, IP experts, corporate affairs, as well as privacy and legal. Depending on the extent of the breach, it may be necessary to consult with an external team in case your internal resources are insufficient.
Step 2: Contain the attack
The technical team’s first responsibility will be to identify the cause of the attack and take measures to contain it. They may have to suspend a compromised part (or even whole) of the network temporarily. This can potentially be very costly for the business. However, this is a necessary measure to prevent the attack from spreading. Some other useful steps would involve:
- Installing patches to fix security flaws and eliminate viruses.
- Resetting all passwords to avoid being locked out of any compromised accounts.
- Recalling or deleting information that may have been mistakenly shared as a result of the attack.
Step 3: Run a detailed investigation
You need to collect all the facts surrounding the attack, its effects, and the remedial actions taken. The results of this investigation will give direction to the subsequent steps of your response. A thorough assessment should include:
1) Identification of all resources affected by the attack. While it may not be possible to determine exactly what data has been compromised, a conservative approach should be maintained in the estimation.
2) Assessment of how any breached data could be used against the victims. If the data contains sensitive information, the attack should be treated as more severe. If the data has been encrypted, there may be a lower risk of harm.
3) Determination of the context of the attack. A deliberate hacking would have more significant consequences for the relevant individuals, compared to an inadvertent security breach.
Step 4: Notify all relevant parties
The incident response team will also have to determine the best strategy to notify parties involved in the attack, especially for consumer-facing organizations. Not all cyber attacks may become public, but for many, the publicity will be inevitable – for example, in attacks where users' personal data have been compromised, or where the relevant data protection policies require that the affected individuals be notified. It is crucial that the team is timely in managing such announcements to the public and is honest and accurate about the information that is publicized.
Step 5: Actions to prevent a future attack
After addressing the current threat, the final step is to take effective preventive action. While customers may understand an isolated failure, repeated mistakes may not be forgiven easily. A thorough audit of your security measures and policies will help you determine how your security practices can be improved.
This may include:
- Engaging with an external security partner, in order to get fresh perspective on your existing practices and to help reassure your customers and stakeholders.
- Promptly resolving any existing security flaws – these changes should reflected in training documentation as well as data security policies.
- Training relevant personnel on the latest practices and procedures to ensure safety.
- Reviewing existing arrangements with service providers such as MSPs in order to ensure that they are subject to appropriate data security obligations (data security compliance should be a key criterion applied in the onboarding process).