Business owners grapple with many “what if” scenarios. One of the most fear-inducing is cyberattack, especially in light of recent attacks against the Colonial Pipeline and the JBS meat packing plant. Read on to learn what to do when your business is cyberattacked.
Cybercrime is on the Rise
For the same reason you conduct fire drills and maintain business insurance, you should add cyberattack preparation to your list of needed protections: cybercrime is on the rise. In fact, according to a recent Forbes article, ransomware and phishing will remain primary risks in 2021.
Moreover, cybercrime victims are not always large enterprises like the Colonial Pipeline or the JBS meat packing plant. In fact, since the pandemic forced hundreds of thousands of businesses into virtual-only operations, cybercriminals have discovered a new, highly vulnerable, easy-to-attack target: small businesses. That’s because a high percentage of the worldwide workforce is now working from home on computer systems that are only minimally protected against cyberattacks.
9 Steps to Take when your Business is Cyberattacked
1. Contain the breach.
While you may be tempted to delete everything after a data breach occurs, preserving evidence is critical to assessing how the breach happened and who was responsible. The very first step you should take after a breach is to determine which servers have been compromised and to contain them as quickly as possible to ensure that other servers or devices won’t also be infected.
- Disable remote access.
- Maintain your firewall settings.
- Install any pending security updates or patches.
- Change passwords. Better yet, implement multi-factor authentication.
2. Assess the breach.
If you are one victim of an attack that has been launched against multiple businesses or even your entire industry, follow updates from trusted sources charged with monitoring the situation to ensure that you know what to do next. Whether your company is part of a broader attack or is the sole victim of it, you’ll need to determine the cause of the breach at your specific location so you can prevent another attack.
Questions to ask yourself:
- Who has access to the servers that were infected?
- Which network connections were active when the breach occurred?
- How was the attack initiated?
You may be able to pinpoint how the breach was initiated by checking your security data logs through your firewall or email providers, your antivirus program, or your Intrusion Detection System. If you have difficulty determining the source and scope of the breach, you should hire a qualified cyber investigator. That may end up being your best bet for protecting your company going forward.
3. Identify all those affected by the breach.
You will need to find out exactly who has been affected by the breach, including employees, customers, and third-party vendors. Assess how severe the data breach was by determining what information was accessed or targeted, such as mailing addresses, e-mail accounts, credit card numbers and other sensitive information.
4. Educate employees about data breach protocols.
Your employees should be aware of your company’s policies regarding data breaches. After discovering the cause of the breach, adjust and communicate your security protocols to help safeguard against another incident. Consider restricting your employees’ access to data in accordance with their job roles. Moreover, you should provide regular, mandatory employee training on how to prepare for data breaches or avoid them in the first place. Here are 10 tips for employee cybersecurity.
5. Manage the fallout.
Communicate with your employees and stakeholders to apprise them of the breach. Define clear authorizations for team members to communicate the breach to both internal and external audiences. Remaining on the same page with your team is crucial while your business recovers from a data breach. You may need to consult with your attorney to determine the best way to inform customers about the breach.
6. If you have cyber liability insurance, notify your carrier.
If you don’t have cyber liability insurance, there are a number of cyber insurance providers to choose from, including The Hartford, Nationwide, and AmTrust. They can assist you in the selection of optimal cyber liability coverage for your business.
7. Notify customers.
Emphasize your willingness to be transparent with your customers by implementing a special action hotline and by developing a newsroom on your company website. Communication can be key to maintaining positive, professional relationships with your patrons.
8. Increase security by implementing multi-factor authentication.
Much of the time, cybercriminals are successful because companies practice what we at EZnet call poor password hygiene. Even the most clever password (or, at least, what you think is a totally clever password that no one could guess) is insufficient security. Instead, think seriously about implementing multi-factor authentication. It’s growing in popularity in the government and education sectors. And it’s the best bet for companies of all sizes that are serious about thwarting cybercriminals.
9. Secure your company’s website with TLS/SSL.
Asymmetric encryption is a foundational technology for TLS (often called SSL), which secures millions of websites around the world, including ours here at EZnet Scheduler® and at our parent company, EZnet Services, Inc.®. TLS/SSL assures website visitors that the site they’re connecting to is the real website for the individual or business the visitor wants to visit.