What to do after a cyber attack

Why should you have a cyber attack plan in place?

A data breach is always possible, so no matter how secure you deem your business to be, it’s essential to have a cyber attack plan in place in case of emergency. Understanding how to identify, isolate and resolve an attack effectively will prevent further damage to systems, ensuring that your business can return to regular operations as quickly as possible. To help keep your organisation secure and protect your employees, we’ll tell you everything you need to know about what to do after a cyber attack.

Containing the attack

If a cyber attack does occur, you’ll need to refer back to your response plan to see who needs to be contacted; time is of the essence, so doing this as soon as possible will minimise the risks. In the meantime, make sure that all systems are temporarily suspended to prevent the cyber attack from spreading. Disconnect devices from the internet, isolate critical systems and change passwords on crucial accounts if needed.

Investigate the source of the cyber attack 

To protect your business from a cyber attack, you’ll need to track down the source to prevent a recurrence. This step will require you to document and monitor everything that happens both during and after the attack, so make sure that you don’t delete any files. Question who had access to the infected servers, and record any network connections that were active at the time of the cyber attack. Data breaches are becoming more advanced by the day, so in some instances, the source can be almost impossible to track. By relying on the help of a trusted monitoring service, you’ll receive regular updates on the situation, allowing you to detect a cyber attack in its early stages, which helps to reduce an impact that is often irreversible.

Reporting the cyber attack

Under GDPR, a data breach must be reported to the Information Commissioner’s Office (ICO) within 72 hours. Failure to do so will require your business to provide a reason for the delay, and you could receive a penalty. If you suffer a live cyber attack - meaning an attack that’s happening in that moment - you should contact your local police department for immediate help, allowing you to control the situation before it escalates.

Identify who and what was affected

Keep a record of devices that were affected during the cyber attack, assessing any targeted information; for example, was it a mailing address or credit card number? Understanding this will prevent the risk of a breach happening again, allowing you to evaluate whether enough security measures were taken to protect the data. You should also establish whether any people were affected by the incident; this could be staff members, third-party vendors or customers. Each person should be contacted separately to provide answers to their questions or concerns, reassuring them of how attacks will be prevented in the future and what the next steps are.

Informing your clients

Most will regard this step as a difficult one, but informing your clients that a cyber attack has occurred is vital. It’s likely that you’ll be judged on how you handle the situation, so providing complete transparency throughout will maintain business relationships. Hiding information from clients is a massive no-no.

Educating your employees

Maintaining a work culture that focuses on optimising security is the key to protecting your business in the long run. Staff should be trained on how to look out for security risks, be able to identify each type of attack, and be aware of preventative measures to take. Remind them to always create secure passwords that won’t be easily guessed by hackers, and inform them of suspicious applications or networks to look out for. Although a personal device coming under attack is a worrying experience that may lead them to keep quiet, it should always be communicated that this is the wrong way to handle the situation. A culture that operates on complete transparency is more likely to minimise risks to security.

Putting together a cyber attack continuity plan

Meticulous planning is needed to prevent cyber attacks. Ensuring that you have a cyber attack continuity plan in place will allow your staff to act with urgency in the event of an emergency, providing your business with long-term protection. This plan should be constantly reviewed to see whether there are any gaps in your processes that could lead to potential risk, with business updates being taken into consideration.

Your workplace’s physical security methods should be taken just as seriously as cyber security, and our team of experts are here to help keep you and your staff safe. Get in touch with us today to see how we can protect your business for years to come.