What You Need to Do If Your Business Is Impacted by a Cyber Attack – Part 1


In one of our previous posts we reviewed five tips on how to avoid a data breach. In summary, these include the following:

  1. Collect only the needed information and data.
  2. Make sure the passwords that you establish are difficult for a cyber attacker to break.
  3. Make sure you use the proper levels of encryption.
  4. Limit network access.
  5. Not all cyber-attacks target electronic data.

In this post, we’ll go through some of the important things that you’ll want to do in the unfortunate case of your business getting hit with a cyber-attack.

What You Need to Do

Secure the lines of defense at your business. After you have been impacted by a cyber-attack, this is absolutely the first step that you need to take.

It involves the following components:

  • Secure all of the physical devices and relevant software applications:

More than likely, this will involve the servers, the impacted workstations / computers, and any other associated wireless devices.

It is important to change all of the relevant passwords for these impacted devices. Obviously there will not be a lot of time to do this, so…

There should be a plan in place before a cyber-attack occurs that describes exactly what needs to be done.

In some instances the best option may be to shut down affected devices until an assessment can be made to see what exactly happened.

  • Stop additional data loss:

If the impacted devices have been shut down, you then need to determine what software applications and hardware depended on them.

For example, if the workstations and wireless devices were accessing a shared database, they should be closely monitored for at least a few days after the cyber-attack has occurred. This is to make sure that no further information and data is being covertly stolen or hijacked.

In this case, it would be very prudent to make sure that this database is backed up immediately, and that you continue to back it up every couple of hours – depending on how crucial it is to your operations.

  • Assemble a team of experts:

This team should consist of the following individuals from your company:

> Team Leader:

Responsible for the overall incident response; will coordinate the necessary actions that need to take place.

> Incident Lead:

Responsible for coordinating the actual response.

> IT Contact:

Responsible for communications between the Incident Lead and other members of the IT staff.

> Legal Representative:

Responsible for leading the legal aspects of the incident response.

> Public Relations Officer:

Responsible for protecting and promoting the image of the business entity during an incident response.

> Management Team:

Responsible for approving and directing Security Policy during an incident response.

If your business is small, with only a few workers, obviously you will not be able to have all of the above titles on your team.

If this is the case, then the minimum titles that you’ll probably need to have on your team are yourself (the business owner), your IT lead, and a legal representative, which, in this case, may be your business attorney.

If possible (and if affordable), you may also want to hire a forensics expert to work with you and your IT lead to determine the root cause of the cyber-attack.

In this regard, you won’t want to destroy any evidence, as this will be imperative to the work of the forensics investigator.

It is also important that this team be assembled early on when you first start your business. This is so your designated people can respond quickly to the cyber-attack – rather than scrambling around at the last minute after the fact.
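The backup advice under "Stop additional data loss" and the warning not to destroy evidence can be combined in one routine. The following is an added example, not part of the original post: it assumes the shared database has already been exported to a file by its own export tool, and the function names, the `manifest.jsonl` file and the two-hour interval are hypothetical choices.

```python
import hashlib
import json
import shutil
import time
from pathlib import Path

INTERVAL_SECONDS = 2 * 60 * 60  # assumed reading of "every couple of hours"

def sha256_of(path):
    """Hash a file in chunks so large exports need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(export_file, backup_dir, now=None):
    """Copy the export to a new timestamped file; never overwrite an old one."""
    now = time.time() if now is None else now
    backup_dir = Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    stamp = time.strftime("%Y%m%dT%H%M%SZ", time.gmtime(now))
    dest = backup_dir / f"{stamp}_{Path(export_file).name}"
    if dest.exists():  # earlier states are evidence, keep them intact
        raise FileExistsError(f"refusing to overwrite {dest}")
    shutil.copy2(export_file, dest)
    entry = {"file": dest.name, "sha256": sha256_of(dest), "taken_at": now}
    with open(backup_dir / "manifest.jsonl", "a") as fh:
        fh.write(json.dumps(entry) + "\n")
    return entry

def load_manifest(backup_dir):
    manifest = Path(backup_dir) / "manifest.jsonl"
    if not manifest.exists():
        return []
    return [json.loads(line) for line in manifest.read_text().splitlines() if line]

def backup_due(backup_dir, now=None):
    """True when no snapshot exists or the newest is older than the interval."""
    now = time.time() if now is None else now
    taken = [e["taken_at"] for e in load_manifest(backup_dir)]
    return not taken or now - max(taken) >= INTERVAL_SECONDS

def altered_snapshots(backup_dir):
    """Names of snapshots that are missing or no longer match their hash."""
    root = Path(backup_dir)
    return [e["file"] for e in load_manifest(root)
            if not (root / e["file"]).exists()
            or sha256_of(root / e["file"]) != e["sha256"]]
```

Storing the backup directory on a system that was not touched by the attack keeps the snapshots and their manifest out of reach of whatever compromised the original devices.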

A Lot of Information

In summary, the above steps can be diagrammed as follows:

Some of our upcoming posts will continue to examine what you need to do, as the business owner, if you are impacted by a cyber-attack, although one of the keys is prevention, as much as possible.

Some of the remaining themes to be discussed in our future posts will be:

  • How to fix the security vulnerabilities;
  • Notifying the relevant parties that have been impacted by the cyber-attack.
