entrust IT Blog

What you should do if your business is hacked!

Written by Izzi Gorman | Feb 21, 2019 1:04:00 PM

It is something all businesses dread: you have been hit by a cyber attack. Despite our best efforts, cyber attacks are on the increase, and it is now a question of when, not if, your business is attacked. Cyber attacks can happen for a number of reasons, but research has shown that in 2018, 48% of data security breaches were caused by acts of malicious intent, with human error or system failure accounting for the rest.



Given how prevalent security breaches are becoming, it is important to be prepared with a detailed plan of action should you become a target. A poor response can often exacerbate the damage done, so make sure you are equipped with a contingency plan. To help you out, we have gone through some of the dos and don’ts when responding to a cyber attack.

DON’T panic

Not panicking is a critical step to take directly after suffering a security breach. Take a step back, keep a cool head and evaluate the situation. Panicking leads to rash decisions and emotionally driven responses which do more harm than good. A cyber attack does not mean the end of your business. You can make a full recovery.

DO determine the damage

You have discovered there is a breach, and the initial shock has worn off. What next?

By determining the damage, you will be able to decide how best to deal with the situation. Understandably, you want to sort the breach out as quickly as possible, but sometimes this isn’t beneficial. If you dive straight in without determining the damage, you risk making the breach worse.

Assess the extent and severity of the breach and move on from there. Who and what has been impacted? What is the context of the breach?

Gather as much information as possible; it will come in handy later.

DON’T rush

Everyone wants the same outcome: for the breach to be resolved as quickly as possible. However, rushing to do this is not the answer. Every fix needs to be carefully checked and checked again, even if it means taking a bit longer.

DO try to contain the breach

If you can’t resolve the security breach initially, then contain it! Steps to do this may include resetting passwords, installing patches, disabling network access or recalling/deleting information.

Containing the breach helps to reduce the damage that could be caused. When doing this, it is important not to do anything that would compromise any investigation.

DON’T keep it to yourself

Whilst you may think you can deal with the breach yourself and control it, keeping it to yourself or on a need-to-know basis is not the right way to go about it. Not only should all staff be informed, but all customers who may be affected should be told as well. Remember, customers appreciate honesty. Informing them shows you are in control of the situation and will instill confidence.

When notifying victims of the hack, you should let everyone know what has been accessed and the nature of the hack, what is being done, the likely consequences, and what plans you have to ensure no similar attacks happen in the future. You may also need to contact banks and credit card companies so that they are aware and can effectively help the victims and your business after the breach.

Additionally, under the GDPR you are required to report the breach to the Information Commissioner's Office (ICO) without undue delay and within no longer than 72 hours. If you fail to do so, you risk a hefty fine. Remember earlier we said it would help to gather information? The more information you provide to the ICO, the less likely you are to receive a penalty for the breach.

DO prepare

The breach may be over, but that doesn’t mean the threat of security breaches goes away. Use the experience to learn from your mistakes and to work out how you can prepare for the future should one occur again. Think about your response plan, use two-factor authentication and consider all of your network vulnerabilities.

DON’T improvise

When a security breach occurs, it’s easy to jump straight in and try to rectify it without thinking, even when you may not know exactly what has happened or how to deal with it. Mark Nunnikhoven from Trend Micro says “The first thing you should not do after a breach is create your response on the fly, a critical part of your incident response plan is preparation”.

Go back to your response plan, speak to your team and discuss how you are going to tackle it.

More importantly, it’s okay to admit you need help! Bringing in third-party expertise, whether that be cyber security experts or investigators, can help handle the fallout of the situation. Furthermore, it may be helpful to get legal advice, as many firms have specialist experience in dealing with security breaches.

DO train your employees

History dictates that human error is the root cause and weakness of most security breaches. After the initial commotion of the breach, and once things have settled down, consider implementing staff training on cyber security, threats and how they can learn from the breach to help prevent one in the future.

In recent years we have seen security breaches reach a new level of sophistication. It’s best to make preparations before a breach happens and to have your cyber security taken seriously by your employees. There is no right or wrong way to handle a security breach, as they differ each time one happens depending on the business and the nature of the attack. Considering the dos and don’ts for after a security breach could help your cyber security as a whole.
