It is a day that virtually every business owner fears: the day you receive word from your IT department that your company’s computer system has been hacked. A million thoughts rush through your head, but they all come back to one question: what do I do right now to protect my company, my employees and my customers? The answer may seem daunting, but an answer does exist. This article attempts to provide you with a few of the basics on how to respond to a cyber-attack, focusing on the first step: establishing your cyber-response team.
The first step to be taken upon learning of a cyber-breach is to understand what happened and what type of breach occurred. For example, is your system being held hostage by ransomware, or did an employee mistakenly release confidential information? Cyber-breaches commonly arise from a number of circumstances, such as: employee negligence, like losing a laptop or flash drive containing personally identifiable information (“PII”) or protected health information (“PHI”); malicious insider behavior, such as the disgruntled or dishonest employee who steals company information to use for some nefarious purpose against the company; and, perhaps the most widely publicized type of breach as of late, hacking and cybercriminal activity.
In order to understand what happened and how best to react, the initial step is to assemble a team of cybersecurity professionals who can assist with all facets of the cyber-breach. In a perfect world, your company has already established its own cyber-breach response team, but if you have not done so, you will need to hire professionals as soon as possible after learning of the cyber-attack. This means engaging individuals who possess expertise in Information Technology and are experienced in evaluating the severity and scope of a cyber-breach. The cyber-breach needs to be quickly identified, affected systems need to be isolated, defenses against future breaches need to be put in place, and steps to retrieve data need to be taken.