6 steps to follow in a cyber-attack on your business

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://realbusiness.co.uk/article/31294-6-steps-to-follow-in-a-cyber-attack-on-your-business

Unfortunately, the harsh reality of data breaches and cyber-attacks is
something which is facing all businesses these days.

You only have to look at the recent influx of high-profile security
breaches to realise hackers, viruses, and software bugs are growing
increasingly sophisticated.

And while there are a number of precautions businesses can take to prevent
themselves from attack, sometimes these simply aren’t enough. The
interconnectivity of businesses these days, teamed with modern ways of
working such as "bring your own device" and remote offices, leaves
companies extremely susceptible to attack.

For those who find themselves faced with a breach, there are a number of
steps which should be taken to ensure an attack is handled appropriately:

1. Don’t panic

It's sometimes easier said than done, but panicking is the worst thing you
can do. Businesses should keep calm and firstly try and identify the origin
of the attack.

It's worth considering whether the breach has come from an internal or
external source – is a disgruntled employee at fault? Or maybe you've
inadvertently disclosed a password to a third party?

While the source of a cyber-attack can be extremely difficult to determine,
it's worth exploring all avenues so you have all the information possible.

2. Find out what has been taken

The notion that hackers are only after money is a common misconception.
Rich data is also an extremely attractive target.

One of the first steps taken following an attack should be to assess
exactly what information has been compromised – an I.T specialist should be
able to do this pretty easily.

Sometimes it's not as bad as it looks and businesses can actually come away
pretty unscathed. If not, pick up the phone and call a trusted advisor
right away.

3. Call a trusted advisor

If the damage assessment shows a considerable security breach then the
expertise of a specialist should be enlisted. Talking to insurers and
contacting a legal professional will help determine whether the business is
covered and can be fully compensated for its losses.

Depending on the individual case and circumstances it might be difficult to
make a claim – especially if the business has given out passwords to third
parties and this has turned out to be the reason for the attack.

4. Inform the authorities

Depending on the scale of the attack, you might have to inform the
authorities of what has happened.

The Information Commissioners Office (ICO) are responsible for the
enforcement of the Data Protection Act 1998, so they will be able to offer
help and guidance if the attack isn’t down to negligence on the part of the
business.

5. Consider reputation

Businesses holding a large amount of customer data will be the hardest hit.
Maintaining customer confidence is crucial in this type of attack and a
well thought out communications plan will be key. While it's easy for a
business to think they're the main victim of the attack, the consequences
can often be much worse for the customer.

It's also worth noting that you're well within your rights to request that
information is taken down from social networks such as Reddit, Facebook and
Twitter if it has been uploaded to these channels.

6. Stay vigilant

Once the attack has been resolved (as best it can), businesses should fully
audit their security policies and procedures, to avoid the same thing
happening again.

An audit will identify any holes in your current security practices, assess
whether procedures were robust enough and being correctly followed, as well
as suggesting any areas for improvement, to help businesses stay ahead of
any threats.

What now?

Cyber-crimes are now being reported on increasingly in the press, following
a series of high-profile attacks – awareness is undoubtedly growing, which
can only be a good thing.

The aftermath of an attack can be a whirlwind, and extremely daunting for
those that have not been victim to an attack before. However, if the above
steps are followed, and a calm and collected head is kept, consequences can
be kept to a minimum.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!