What to do if your business has been hacked

A UK Government survey has found that a shocking 39% of businesses came under a form of cyber attack in 2021, with the estimated global cost of cyber crime having reached $6 trillion in the same year.

Falling victim to a cyber attack can cause severe financial loss and reputational damage for any organisation. With the alarming rise of cybercrime predicted to continue for 2022, a call is being made for businesses to do everything possible to protect themselves and their data from attack, but some firms are thought not aware of what do to if the worst happened.

Cyber-crime expert Anthony Green said: “Whether an attack has reached its final stage – which will most commonly look like the delivery of a ransom demand – or you’ve just discovered a suspected breach to your system, it’s important to try and stay calm. It’s easy to panic, particularly if an attack is in progress and you don’t know where the disruption is coming from. Prevention is always better than cure, and it’s crucial to ensure that your business is as protected as possible. However, it’s still important to know how to respond in the event of an attack. Developing a documented incident response plan can help you remain rational and take the right steps to mitigate the repercussions of an attack.”

A guide has been issued on steps to take for officials at firms who think they have been attacked.

Don’t shut down your system
This is a typical panic response, and it might be tempting to shut everything down. Unfortunately, if an attack is underway, you should assume that the hacker has already gathered much of the information they were looking for. By unplugging your system or deleting malicious files, you could be destroying evidence that will be key to discovering what has been taken, and how your system was breached. It’s far better to leave your system be and call an expert straight away.

Call an expert
This is the most important step to take in the event of a hack. If you have never used a cybersecurity consultancy firm before, and don’t employ in-house cybersecurity experts, then you need to conduct a search for a security expert as a matter of urgency.  To avoid this scenario, it is highly advisable for any organisation to find a trusted cybersecurity partner before a breach occurs. Having an expert on hand who is familiar with your system means that if the worst does happen, they will be able to act immediately to help you contain and analyse the attack. They can also help you discover the facts and take the right actions in the event of a ransomware demand.

Keep a record of events
As soon as you realise your system has been attaked, keep a record of every subsequent action taken – such as who has touched the system, and when. This log will help you keep track of your system, become a valuable resource for post-breach analysis, and will also help your organisation’s case in the event of any legal action. 

Be honest with your customers
Most organisations will worry about the reputational damage of disclosing a breach of sensitive data, but if your users’ data is out there, they not only deserve to be notified, but you could face legal action if you fail to do so. Once you have called in an expert, they will work to understand the scope of the attack, close the security holes that have caused a problem and review your compromised files. If it is likely that the breach contained personal information then, by law, this must be reported to the Information Commissioner’s Office within 72 hours. Failing to do so can lead to a fine of up to £8.7 million or 2% of your global turnover. 

Rebuild 
After an attack, it’s essential to submit your entire system to an extended security assessment. This can identify and fix any other vulnerabilities in your system to help protect your business from a repeat incident. The UK Government’s 2021 cybersecurity review found only 15% of businesses have conducted an audit of their cyber security vulnerabilities, and only 31% of businesses and 27% of charities have a business continuity plan that covers cybersecurity. Therefore, while cyber attacks are certainly on the rise - and it’s important to know how to respond to a breach - there is still a huge amount of scope for businesses work with the experts to improve their cybersecurity strategy and greatly reduce their risk of falling victim to any form of attack.

Your Views on Local News

Erewash Sound is seeking views from members of the public on how they access local news currently, and how they might like this to look in the future.  You can complete our short survey to share your views.

More from Borough Wide

On Air Now Daytime with Deb Marshall 1:00pm - 4:00pm
Now Playing
Cruel Summer Taylor Swift Download
Recently Played