Once you experience a hack, your goal should be to get your business back up and running as soon as possible. Follow these steps to get things under control and regain a sense of normalcy.
#1 Keep calm and do not panic
It's understandable to feel uneasy given the nature of the situation; however, you must keep your cool to take the best course of action. If someone is attempting a ransomware attack or asking you for a payment to remove the threat, do NOT submit to the attacker's request. The FBI advises against paying ransom, as there is no guarantee that you will get your data back and paying emboldens criminals.
Never act on impulse; respond strategically.
Follow your incident response plan and utilize your in-house or third-party cyber response team. You may also need to alert your insurance carrier since they may want to use their experts for response and recovery.
#2 Gather all the facts
You will need to make sure you know the answers to these questions:
Ex. An employee clicked a link in an email.
What has been compromised?
Ex. Customer account data has been exposed.
How many accounts?
Ex. 1000 customer records, containing first and last name, address, email address and account number.
What type of attack was it?
Ex. Ransomware, phishing, or virus.
#3 Secure and Recover
After you have gathered all the information, pass it on to the appropriate parties: your company's cybersecurity team, legal counsel and insurance provider, so that they can address and resolve the issue. If your internal team is not able to address the problem on its own, you may have to outsource cybersecurity services.
Is the attack still ongoing? Close the door now!
Investigate to understand the nature of the attack and work to stop its spread. This could include powering off machines and/or disconnecting internet or network access. From there, skillfully remove malware, affected files, bogus user accounts, etc. In some cases it is wise to restore systems from backup. Don’t restore system functionality or internet access until you are confident the breach is contained.
After recovery but before resuming normal operations, enact emergency changes to prevent reinfection. This may include operating in a more secure mode than usual until the thorough investigation is complete.
If an outside party accessed your network and was able to view customer account data, you have unfortunately experienced a data breach.
Malware that encrypts or modifies files is also considered a data breach under certain regulations, such as HIPAA, and therefore must be reported as such.
Depending on your situation, you may have to notify law enforcement, and your customers must be notified immediately if the attack put any of their information at risk. Be careful to follow the various notification laws you may be subject to. Always involve your legal team at this stage.
Keep it from happening again. Train your employees about:
- Using strong passwords
- Phishing scams
- Secure email communications (encrypted emails should be used for sensitive information).
Make sure you have a network that is up to date with today's threats; antivirus alone just doesn't cut it anymore. You need a multi-layered security strategy to protect your company's data. The cost of a data breach is extremely high in both recovery and business reputation. Do all you can to avoid the headache of a breach by being both properly protected and prepared to handle a breach when it occurs. Protection and preparation work together to minimize business risk.