What to do if your business has been hacked
Cyber attacks are on the rise. A UK Government survey found that a shocking 39% of businesses came under attack in 2021, and the estimated global cost of cyber crime reached $6 trillion USD in the same year.
Falling victim to a cyber attack can cause severe financial loss and reputational damage for any organisation. With the alarming rise of cybercrime predicted to continue for 2022, it’s vital that businesses do all that they can to protect themselves and their data from attack. Actions such as promptly installing system updates, conducting staff cybersecurity training to promote best practice, and hiring a cybersecurity consultancy firm to conduct regular vulnerability scanning can help you find and fix your weaknesses before they are exploited by hackers.
But what do you do if the worst happens?
Anthony Green, CTO and cyber crime expert at FoxTech, discusses how organisations should respond in the instance of a breach:
“Whether an attack has reached its final stage – which will most commonly look like the delivery of a ransom demand – or you’ve just discovered a suspected breach to your system, it’s important to try and stay calm. It’s easy to panic, particularly if an attack is in progress and you don’t know where the disruption is coming from. Prevention is always better than cure, and it’s crucial to ensure that your business is as protected as possible. However, it’s still important to know how to respond in the event of an attack. Developing a documented incident response plan can help you remain rational and take the right steps to mitigate the repercussions of an attack.”
FoxTech has put together a guide, advising businesses on what they should do in the event of a security breach.
Don’t shut down your system
This is a typical panic response, and it might be tempting to shut everything down. Unfortunately, if an attack is underway, you should assume that the hacker has already gathered much of the information they were looking for. By unplugging your system or deleting malicious files, you could be destroying evidence that will be key to discovering what has been taken, and how your system was breached. It’s far better to leave your system be and call an expert straight away.
Call an expert
This is the most important step to take in the event of a hack. If you have never used a cybersecurity consultancy firm before, and don’t employ in-house cybersecurity experts, then you need to conduct a search for a security expert as a matter of urgency. To avoid this scenario, it is highly advisable for any organisation to find a trusted cybersecurity partner before a breach occurs. Having an expert on hand who is familiar with your system means that if the worst does happen, they will be able to act immediately to help you contain and analyse the attack. They can also help you discover the facts and take the right actions in the event of a ransomware demand.
Keep a record of events
As soon as you realise your system has been attaked, keep a record of every subsequent action taken – such as who has touched the system, and when. This log will help you keep track of your system, become a valuable resource for post-breach analysis, and will also help your organisation’s case in the event of any legal action.
Be honest with your customers
Most organisations will worry about the reputational damage of disclosing a breach of sensitive data, but if your users’ data is out there, they not only deserve to be notified, but you could face legal action if you fail to do so. Once you have called in an expert, they will work to understand the scope of the attack, close the security holes that have caused a problem and review your compromised files. If it is likely that the breach contained personal information then, by law, this must be reported to the Information Commissioner’s Office within 72 hours. Failing to do so can lead to a fine of up to £8.7 million or 2% of your global turnover.
Rebuild
After an attack, it’s essential to submit your entire system to an extended security assessment. This can identify and fix any other vulnerabilities in your system to help protect your business from a repeat incident. The UK Government’s 2021 cybersecurity review found only 15% of businesses have conducted an audit of their cyber security vulnerabilities, and only 31% of businesses and 27% of charities have a business continuity plan that covers cybersecurity. Therefore, while cyber attacks are certainly on the rise – and it’s important to know how to respond to a breach – there is still a huge amount of scope for businesses work with the experts to improve their cybersecurity strategy and greatly reduce their risk of falling victim to any form of attack.