This post was originally written and published on Stay Safe Online by Scot Spiro on June 28, 2018.
Getting hacked is a nightmare scenario for every business. Fifty percent of small businesses in the U.S. have experienced a cyberattack. And this fact is not surprising – most small businesses lack the advanced security resources and technology that large enterprises can afford.
One study found that it takes an average of 201 days to discover a data breach, and the time required to contain the breach can add an additional 70 days. Failing to plan for and quickly isolate an attack can result in irreversible data loss, reputation damage and financial penalties for your business.
Knowing what to do after a breach could be the difference between making a swift recovery and shutting your doors permanently. Here are five ways to minimize the damage once you’ve been hacked.
1. Identify the Type of Attack
Realizing your business has experienced a breach can come as a shock. The first step is to determine the method the attackers used to penetrate your network so you can mitigate any further risk. Small businesses can be easy targets for malware, phishing and ransomware attacks.
Identifying the type of breach will help you understand its source, breadth and impact, and come up with the best plan of action.
2. Contain the Damage
Once you know the type of hack you’re dealing with, you can make moves to secure your network and prevent further data theft or additional damage. It’s critical to do this quickly and confine the impact.
Immediately reset all your passwords and remove any corrupted files. Depending on the severity of the breach, you might need to take the entire system offline, isolate part of your network, block website traffic or implement temporary firewalls.
3. Inform Affected Parties
If you collect any customer information, you’re obligated to inform your customers when you experience a data breach. The sooner, the better – hiding a hack from your customers is a dangerous move.
Companies like Uber and Yahoo generated tons of bad press and massive penalties in recent years for hiding data breaches from the public.
Take these steps to protect your customer relationships:
Inform customers immediately. Read up on your state laws to determine how soon you need to get the word out. Even if you don’t have all the answers yet, you should alert them quickly and keep them in the loop as new information emerges.
Contact your customers with a written notification and let them know:
A data breach has occurred
When the data breach occurred
What type of information was compromised
The steps you're taking to remedy the situation
In your written notice, consider directing people to a website or number where they can get additional information. You can also supply contact information for credit monitoring agencies that can put fraud alerts on consumer accounts.
Your customers will likely be concerned about the attack. Don’t leave them in the dark. Over-communicate details about the hack and your response plan to quell concerns and help preserve your reputation. Keep all parties in the loop and share ongoing news about what you’re doing to tighten security and prevent future attacks.
4. Investigate and Report
To fully understand the scope of the vulnerability, you’ll likely need to bring in an outside cybersecurity expert. A forensics team will test your network to determine the type of attack that occurred and the part of your network that was compromised.
You should also consider investing in regular penetration testing to stay proactive against future vulnerabilities. Many cybersecurity firms offer penetration testing to poke holes in your network and uncover weak spots that hackers can exploit. Annually testing your network weaknesses will help you stay on top of security best practices and ward off future threats.
5. Safeguard Against Future Attacks
The nature of cyber threats is always evolving, and you need to prepare your infrastructure before the next breach happens.
Your security updates should include:
Repairing and rebuilding all computers and systems
Replacing corrupt data, files and applications with a clean backup
Creating additional layers of security, like two-factor authentication and encryption
If you don’t already have an incident response plan, now is the time to make one. Your plan should map out your entire computer network so you can easily pinpoint future threats.
Your incident response plan should also include communications that will go out to employees, the public, law enforcement and regulators. Most importantly, it should define guidelines for restoring normal business processes – by calling on backups, blocking IP addresses, adjusting firewalls, etc.
You should also invest in additional safeguards like a cyber insurance policy and mandatory security training for employees. Outsourcing cybersecurity to a managed IT services provider is a great way to keep your infrastructure secure and free up your in-house IT team to focus on other responsibilities.
A cyberattack is every business owner’s worst fear – but it doesn’t have to cripple you. With a security plan, you can walk away from a data breach with minimal damage and preserve your customer relationships.