My Business Has Been Hacked. What Do I Do Now?
The recent waves of cyberattacks on companies all over the world has brought with it some much needed attention to the issue of data security in the US. The numbers simply don’t lie, and for business owners it is no longer a matter of “will or why would my business be hacked?” but “when will my business be hacked?” That is a scary thought, and a tough pill to swallow, but it really is exactly what needs to happen in order for the necessary precautions to start being taken by all. The hackers are catching on to this widely accepted ignorance by smaller business owners, and they are taking full advantage of it. Unfortunately for these companies who are “too small” to be hacked, a data breach can be especially devastating. Enough so that a large percentage would have no choice but to close their doors after such an attack. Now that type of liability doesn’t make much sense, and that is exactly why we have compiled a step-by-step list covering what to do if your business has been hacked. Having a response plan in place could very well be the difference in saving your business.
1. Try to avoid panic, and DO NOT shut down the affected devices.
– Remain calm, as a distressful action could make the incident incredibly worse. Make sure the affected devices remain ON so your team can carefully preserve the evidence until the right people can examine it. Shutting down or disconnecting power to the device will potentially compromise this evidence, which would keep you from knowing exactly which files were affected as well as who the perpetrators are themselves. Try disconnecting your network cable, or disabling the Wi-Fi instead.
2. Call in a Forensics Investigator.
– The first 24 hours after a breach are the most important, so call in a computer forensics team immediately to get started on collecting the necessary data for their investigation. They will be able to tell you how the attack happened, when it occurred, and what information may have been compromised. This will be crucial going forward.
3. Inform the right people, make sure everyone knows their roles!
– How did you find out about the attack? If it was by federal agents, your legal team needs to be by your side every step of the way. If you found out about it from another source, you still need to get law enforcement involved early on. If you find that customer or financial information has been lost, your executive team needs to be working on their own plan of action unique to this exact incident. The rest of your staff needs to be prepared to deal with questions from customers and media outlets. Keep everyone on the same page!
4. Keep records of how you responded to the incident.
– Being able to prove that you took every step necessary to remediate the issue as soon you became aware of it will help protect your company from any law suits that may arise because of the incident.
5. Analyze the extent of the attack and fix the problems.
– Be patient while the forensics team finishes the investigation, as most data breaches are worse than they initially seem. Rushing through this process could leave your company open to an identical attack. Once all vulnerabilities have been identified, start taking steps to secure your environment again. This should also include blocking access to the network from IP addresses associated with the attackers.
6. Reach out to your customers about the breach.
– Being honest and transparent to your customers at this point is the only way for your reputation to recover. Don’t complicate things by covering anything up, your trust is very fragile at this point.
7. Take as much away from the incident as your team can.
– In the weeks following the breach, try to derive areas of focus from the way your team responded. What went exactly as planned, what could you work on, what could your team have done differently? This will greatly help your company in the unfortunate event of another breach, and be fantastic talking points for gaining back the trust of future business partners.
For small businesses, the looming threat of a cyber-attack does not have to simply strike fear in your company. Acknowledge that it CAN happen to you, and turn that fear into focus! If you are concerned that your company may not have the resources in house to handle such an event, Alias Forensics, LLC can help get you to a comfortable state of security. We offer a wide variety of services to keep your business safe: from our BlackBox: Intrusion Detection System with 24/7 real-time monitoring, to Response Plan GAP Analysis, to Table Top (data breach simulation) Exercises, to Incident Response Planning, to Emergency Incident Response and Forensic Investigations, we have you COVERED.
Call us at 405-261-9517 or visit www.aliasforensics.com for more details.