Cybercrimes are extremely common. They exist in every country, every industry and every organization. The growing risk of a hack has far-reaching consequences, which go beyond the theft of funds and business-critical data. Cyberattacks affect not only the hacked business, but also its clients and other stakeholders.
And unfortunately, even with the best cybersecurity measures in place, businesses can find their privacy compromised. But how do you know that your business has been hacked? There are a number of warning signs to look for, such as a sudden spike in DNS traffic, machines suddenly crashing or running slowly, frequent and random popups, online passwords not working, unwanted software installations, unexpected browser toolbars and so on.
Once you have identified a hacking incident, here are four critical steps you can take to rectify the issue.
Contain the Damage
Make damage mitigation your top priority. Figure out immediately what steps can be taken with existing technology. This could include resetting passwords, running antivirus and anti-malware programs, locking down user accounts, setting all social media accounts to private mode and so on. These containment measures will ensure that the hacking will at least be stopped from causing further damage. Until you can determine how the hacker(s) got in, assume everything is vulnerable.
Get Help from Experts
Now is the time to start investigating what exactly happened and what data got breached. Whatever the nature of the hack, forensic examinations of your processes and systems are crucial in understanding any existing or potential weak points and securing against them. If you do not have an in-house IT person, hire a data security professional to investigate the vulnerability.
Laws regarding hacking and data breaches are changing constantly, and vary from state to state and industry to industry. For example, laws related to finance or health-related businesses are usually quite stringent. Contact a lawyer who specializes in internet law and cover as many types of intrusion as possible so your legal expert can give you well thought-out advice for each one.
Report the Breach to Necessary Parties
If the hack has led to a data breach where your customers' information was potentially accessed, then it’s important to alert them immediately of what happened. This allows them to change their own passwords and freeze payment methods, if needed. You can also provide them with resources on best practices to protect themselves.
While there may not be a legal obligation for you to report any breaches or hacks, transparent reporting and responding will:
- Allow you to mitigate further damage
- Lower the chances of losing customer trust
- Help other organizations know and understand current risks
- Help you learn what needs to be done to prevent a repeat
Other parties might also need to be kept informed, including regulators, directors, vendors, employees and the media. Come up with a plan including messages for each group, ready to go at a moment's notice.
Repair Damage, Rebuild to Prevent Future Attacks
After getting a handle on things, review and revise your recovery plan — don’t forget to test it thoroughly. Involve people from all levels of the organization, including the CEO. Ask your customers and vendors to be part of the planning process. Check with them and find out specifically what they're doing to protect your data. This will give them the confidence to stick with you.
Prevention is always better than a cure. While you cannot guarantee that you won’t ever get hacked again, with a well thought-out and tested cyberattack response plan in place, you not only stand a better chance of fending off even the most damaging cyberattacks, you also limit the damage if a hack does occur.