Small businesses are the target of nearly half of all cyberattacks, but only 14% are prepared to react and recover effectively. If you suspect your business is under attack, these are the first four things to do.
1. Isolate and contain the attack: When you suspect a bad actor has been successful, you must immediately work to isolate and contain the attack. This prevents the attacker from causing further damage, accessing additional systems, or stealing more data. Identify which systems or devices have been compromised or are potentially compromised. This could include servers, workstations, or other networked devices. Physically disconnect compromised devices from the network, or if possible, use network-level controls like firewalls to block communication to and from these devices. Once you’ve identified which accounts or systems have been compromised, take immediate action to disable or suspend them. Disable any user accounts, service accounts, or privileged accounts that have been compromised. For compromised systems or servers, disconnect them from the network and power them down if necessary. Change passwords, revoke access for compromised accounts, and enable multi-factor authentication (MFA) moving forward.
2. Assess the damage: Assessing the damage helps you understand the full scope of the breach, how it occurred, and what actions to take next. Conduct a thorough examination of affected systems, logs, and network traffic to determine which systems or data have been accessed, altered, or stolen by the attacker. Identify the specific types of data that may have been compromised, such as customer information, financial data, intellectual property, or sensitive internal documents. You will also need to determine how the attacker gained access to your systems, and conduct a vulnerability assessment to identify the weaknesses in your network, systems, and software that the attacker exploited.
3. Restore systems: How quickly you can get your business back to operating as usual will depend on the integrity and timeliness of your backups. Before you restore, you’ll need to ensure that your backups are secure and have not been compromised with malware or other vulnerabilities that could reintroduce the threat. Once restored, work through all software, operating systems, and applications and install the latest security patches and updates.
4. Notify relevant parties: Effective communication during and after a cyberattack can help minimize damage to your business’s reputation and foster trust among stakeholders. Report the incident to law enforcement and relevant regulatory authorities if necessary. Notify your customers if their personal or financial information was compromised. Inform your employees about the breach and the steps they should take. It is important to maintain a consistent and honest message. Avoid making unfounded claims or speculating about the extent of the breach. Instead, focus on providing accurate and actionable information to help those affected by the incident protect themselves and mitigate potential harm.
These are just the first four steps. There will be a lot more work to do to minimize damage and prevent future incidents. Consider seeking professional guidance, and document all actions taken for future reference and improvement of your cybersecurity posture.
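One way to carry out the backup check in step 3 before restoring, shown as an added example that is not part of the original article: it compares each backup file with a hash recorded when the backup ran and sets aside backups taken after the suspected intrusion. The manifest format, file names, and timestamps are assumptions constructed for illustration; the manifest is assumed to be stored away from the systems being restored.

```python
import hashlib, tempfile
from datetime import datetime
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def triage_backups(backup_dir, manifest, suspected_compromise):
    """Return {file: status}. Only 'candidate' files are eligible for restore."""
    cutoff = datetime.fromisoformat(suspected_compromise)
    backup_dir = Path(backup_dir)
    results = {}
    for entry in manifest:
        path = backup_dir / entry["file"]
        if not path.is_file():
            status = "missing"            # deleted or moved since the backup ran
        elif sha256_file(path) != entry["sha256"]:
            status = "modified"           # contents changed after the backup ran
        elif datetime.fromisoformat(entry["taken_at"]) >= cutoff:
            status = "post-compromise"    # intact, but may already hold the threat
        else:
            status = "candidate"          # intact and predates the intrusion
        results[entry["file"]] = status
    listed = {e["file"] for e in manifest}
    for p in backup_dir.iterdir():        # files the manifest never recorded
        if p.is_file() and p.name not in listed:
            results[p.name] = "unlisted"
    return results

def newest_candidate(manifest, results):
    ok = [e for e in manifest if results[e["file"]] == "candidate"]
    return max(ok, key=lambda e: datetime.fromisoformat(e["taken_at"]))["file"] if ok else None

if __name__ == "__main__":
    # Constructed sample: three nightly backups, one altered after it was taken.
    with tempfile.TemporaryDirectory() as d:
        manifest = []
        for day in ("01", "02", "03"):
            name = f"files-2024-05-{day}.tar"
            (Path(d) / name).write_bytes(b"backup " + day.encode())
            manifest.append({"file": name, "sha256": sha256_file(Path(d) / name),
                             "taken_at": f"2024-05-{day}T02:00:00+00:00"})
        (Path(d) / "files-2024-05-01.tar").write_bytes(b"tampered")
        results = triage_backups(d, manifest, "2024-05-02T18:00:00+00:00")
        print(results, "-> restore from:", newest_candidate(manifest, results))
```

A matching hash only shows that a backup is unchanged since it was recorded, so a "candidate" should still be scanned for malware and restored onto patched systems.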