What to Do if Your Business Experiences a Cyberattack
While businesses can take precautionary measures to reduce the likelihood of cyberattacks, there is no guaranteed way to prevent them entirely. For this reason, it's important to have a response plan in place to minimize the damage if such an event occurs.
Step 1: Contain
As soon as you become aware that your company has been attacked, it's important to contain the attack and preserve the evidence so that the incident can be properly addressed. You may be inclined to immediately delete everything; however, doing so will greatly hinder your ability to address the situation and implement changes to prevent future attacks. Locate and isolate affected servers and devices immediately to prevent the attack from spreading further. Actions you should take to contain the attack include:
- Disconnecting from the internet
- Immediately changing all passwords
- Disabling remote access
- Updating and reinstalling any security software, such as firewalls
Step 2: Document & Address
After containing and isolating the source of the attack, the next step is to document everything that occurred. Be sure to include:
- The type of attack
- When the attack took place
- How the attack was recognized
- The data/information that was compromised
- The devices and servers that were compromised
- Who was involved in the attack
Also, include any additional information that you deem important for recognizing and preventing future attacks. After documenting, attempt to pinpoint exactly where the vulnerability in your business system allowed the attack to occur. Check security data logs and work with your IT department to find points of entry, such as phishing emails or unsecured networks. You may also consider hiring a cyber investigator to further ensure your safety from future attacks.
Step 3: Notify the Authorities
This step is especially important if your company holds customer data, such as credit card information or other sensitive/financial information, as you may be required by law to report the attack to the authorities. However, each state has different rules and procedures about reporting a cyberattack, and in certain cases, you may be subject to multiple states' disclosure requirements. Be sure to find out what disclosures are required in each state. You can report the attack to the Internet Crime Complaint Center (IC3), which will then forward it to federal, state, local, or international law enforcement.
Step 4: Disclose the Event to Customers and Employees
Inform your customers of the attack and take additional steps to ensure an open line of communication. Customers value transparency, and addressing all their concerns accordingly can help maintain a positive relationship. Be sure to include an outline of the events that occurred and a list of actions being taken to address the problem. In some instances, it may be wise to seek legal counsel to help address customers' concerns.
You will also need to disclose the event to your employees. Ensure they understand the full impact of the situation and how to discuss it internally and externally. It is also crucial to educate your employees on the additional measures or procedures you initiate to mitigate the likelihood of future cyberattacks. Make sure they are aware of their responsibilities during such events and how they should respond to the problem. For more information about the types of precautionary measures you should implement in your business operations to decrease the likelihood of another attack, please explore our additional article, "Protect Your Business From Cyber Threats."