Unfortunately, cyber attacks are becoming a fact of life, and are no longer a matter of if, but when. In recent months and years, large companies which we consider tech-savvy have fallen victim. Big names such as Google, Facebook, Twitter, and Target are among these, which is a clear indicator that no one is completely immune to breaches.
That said, even though a majority of us prepare for attacks by putting up the best defenses we can think of, it’s possible you might not have a recovery plan in place. Having a strategy for responding to an attack is almost as important as preventing it in the first place.
What should such a plan include? Let’s find out:
#1 Containing the breach
The very first step you should take after a cyber attack is to assess the extent of the damage. Find out what servers have been compromised and find ways to contain them as fast as possible. With this move, you might be able to keep the infection from spreading to other devices or servers.
Some of the steps you may want to take include disconnecting your internet connection and disabling all forms of remote access. Next, you want to keep your firewall settings in place and install any pending updates or security patches.
Another important step is to change all passwords immediately. Remember not to use the same password for multiple systems so as to limit damage in case of a future breach. Yes, lightning might strike twice.
#2 Assessing the damage
Whether you are a sole victim or part of a larger group of victims, one of the most crucial steps is to establish the root cause of the breach. Doing so will help you prevent a similar occurrence in the future.
Some of the issues you might need to address include things such as the identity of people who have access to the affected devices or servers. Ask yourself how the attack could have been initiated and which networks were active at the time.
To answer these questions, you could go through the data on your antivirus program and possibly review security data logs from email or firewall providers. In case you’re unable to determine the source and cause, consider getting an expert’s input.
#3 Impact assessment
Next, find out the people whom the breach affected, from employees and customers to third-party vendors and external entities. In case you have fallen victim to a widespread breach that has affected multiple organizations, make sure to keep yourself updated on all developments.
Find out what sort of information the attackers targeted so as to know the severity of the data breach if any.
Even though your staff members might be in the know about your company’s cybersecurity policies, take time to re-educate them. Prepare them for a future attack and, more importantly, set measures in place to prevent a future recurrence.
Additionally, you need to adjust your security systems to address whatever loopholes the attackers exploited. Be sure to communicate any new security protocols with all employees. As a precautionary measure, limit employees’ access to data as much as possible on the basis of job roles.
The next step is always the most difficult – preparing for life after the attack. As many will agree, it’s always tempting to sweep things under the carpet and pretend all is well. But that often spells disaster.
Face your worst fears by communicating with all affected stakeholders. Start with staff members, explaining what happened and making sure everyone is on the same page. Next comes the toughest part – letting your customers know.
You might want to get legal assistance to determine the best way to let customers in on the disturbing news. Transparency will go a long way in healing the wounds and maintaining positivity.
It might be a great idea to put in place a hotline for addressing queries from affected individuals. Communication might be the key to maintaining professional relationships with customers.
And never try to turn the incident into an opportunity for gain. When Equifax suffered a breach in 2017, they tried to turn a profit from it by wanting to charge patrons to freeze their reports. They also originally told customers that if they would not sue, they could get a year of free reporting. The results were devastating, hurting customer relationships in the long term.
In case you have insurance coverage for cyber liability, let your carrier know as soon as possible following the breach. Find out what they can do to assist you in the recovery process. You might be surprised at their resourcefulness.
#6 Evaluation and improvement
The next important step is to assess everything that has taken place since the breach and through the recovery process. Chances are that you will identify lessons to take home from the events.
Use these lessons to enhance your security and response strategy so as to prepare better for future incidence, as it is usually just a matter of time.
Things to avoid
Now that we know how to react following a cyber attack, it’s also important to consider a few things you must never do.
After a breach, the most likely instinct is to start rectifying problems on the fly. But note that a hasty reaction could worsen things. No matter how great the temptation is, you shouldn’t freak out. Remain calm and follow your recovery plan to the letter. If you have no plan, create one first and stick to it.
You can imagine that no one knows what happens and try to keep things under wraps. But the risk of doing this is certainly not worth the reward.
Closing the incident prematurely
After you have followed the above steps, it might be tempting to close the case and go back to business as usual. Not so fast. Continue monitoring the network to ensure that it really is over.
It’s never over until it’s over
A breach is a proof that there are gaps in your security system. But simply because you have dealt with an attack effectively, from your perspective, does not mean that it’s all smooth sailing now. Cyberwarfare is a continuous battle, so never let your guard down in hopes that attackers have moved on.