Responding to CybercrimeWhat to Do Immediately After Your Business Gets Hit
Responding to Cybercrime: What are the Steps to Take After a Cyber Attack?
Training staff, keeping tech updated, and monitoring vendors are all great preventative measures. But it’s equally important to have a strategy if those preventative measures fail.
Having a plan before an attack means a faster reaction, fewer surprises, and a better shot at recovery. A clear, step-by-step response can limit damage and protect your business.
“Cybercrime” sounds futuristic and high-tech, but hackers have no end of tricks, techniques, and even resources to do a lot of damage in a short time. In this post, we look at cybercrime from your perspective: what it is, what it costs, how it works… and how to protect business now and down the road.
Common QuestionIf hackers are demanding a ransom, should you pay it?Most experts advise against paying ransoms in response to cyberattacks. It’s risky, and may even be illegal in some cases. Plus, there’s no guarantee the bad guys will release your system or data, even if you pay up.
Step #1 | Isolate the Threat
First, contain the threat immediately. Disconnect affected systems from the network and isolate data. This will ensure that the attack is contained to a closed circuit of devices, and can’t spread any further.
Step #2 | Identify & Preserve Evidence
Don’t erase anything. Investigators will need to see all the evidence to understand the attack and gauge the total impact. You might accidentally delete crucial information that will end up costing you more in the long run.
Step #3 | Report the Incident
As soon as you can, start reporting the incident. Contact your payment processor, bank, and potentially card networks like Visa and Mastercard about the incident.
Step #4 | Report the Incident to Law Enforcement
You may also need to alert law enforcement, such as the FBI’s IC3 and the FTC. This will depend on the scale of the attack; follow guidance from your processor regarding this step.
Step #5 | Assess the Damage
You should do a damage assessment. What data was exposed? How many customers were affected? What’s the potential financial and reputational impact?
Step #6 | Notify Affected Customers
You’ll have to explain the breach to your customers. You want to be honest, but there’s no point in making a bad situation seem even worse than it is. Contact affected parties only after you get all the facts.
Step #7 | Next Steps
Finally, focus on recovery. Patch vulnerabilities, update systems, and restore connections. Consult legal counsel to discuss potential liabilities. If you have cyber insurance, your agent can tell you what’s covered and what you’ll need to file a claim.
