Unfortunately, even the most secure companies can experience a cyberattack. There is no way to ensure 100% protection. And with the rise in cybercrime over the past few years, coupled with the average cost of a breach at $4.35 million US, knowing what to do if you fall victim to an attack is critical to the stability of your company. With that in mind, here are six steps to take if you experience a cyberattack.
1. Get Your Response Team Mobilized
You should have a cybersecurity response team established, and they should be ready to jump into action at a moment’s notice. This team should be cross-disciplinary, and each member should be trained on their specific role in a cyber incident.
2. Determine What Type of Attack It Is
The type of cyberattack will determine the response. Knowing whether malware, social engineering, ransomware, or other attack types determines how your response team contains the breach and recovers from the attack.
3. Contain the Breach and Minimize the Damage
As soon as a cyber attack happens, the first goal is to minimize damage. This means containing the breach as quickly as possible so the attackers cannot access your system. Steps you can take to do this include:
- Disconnecting from the internet
- Disabling remote access
- Changing passwords
- Installing software updates and patches
- Checking your firewall and performing required maintenance
All steps you took to contain the cyberattack should be documented.
4. Assess the Damage and Initiate Repairs
Determine what systems and functions were accessed and whether any sensitive or confidential data was compromised. Repair may include completely shutting down or uninstalling and reinstalling critical systems and software. Be sure you have all your important data backed up to ensure this process goes as smoothly as possible.
5. Report the Cyberattack
You must report the cyberattack to the appropriate authorities in your region. In Canada, that is the Canadian Centre for Cyber Security. In the U.S., report it to the FBI, the Secret Service’s Electronic Crimes Task Force, the Internet Crime Complaint Center, and the Federal Trade Commission. You also need to report the cyberattack to stakeholders within the company. This includes shareholders, employees, suppliers, partners, and customers.
6. Manage the Fallout
If employee and/or customer data was compromised during the attack, you need to have a strong PR response ready to go to manage the impact of the cyberattack and public perception regarding the incident and your organization. Transparency is paramount in this situation because you want to maintain trust in the public and your employees.
Final Word
Your work is not done once you respond to and clean up after a cyberattack. You need to understand what happened so you can take steps to ensure it won’t happen again. This may include upgrading software and systems, changing security policies and procedures, and training employees to recognize and avoid cyber threats.
Contact Platinum Technologies today to learn how to respond to a cyberattack and how we can help you prepare for one.
