What To Do If Your Business Has Been Hacked

PublisherSol Minion Developmenthttps:https://assets.solminion.co/logo.svg?mtime=20200915165531&focal=nonePublishedincident response planplanningstrategy

Small businesses are more vulnerable to being hacked than ever before. The large corporations get the headlines, but 43% of hackings happen to small businesses. And only 14% of you are prepared for the hackers (source). Many small businesses go under within months of an incident. If your business is a victim of a cybersecurity breach, you need to act quickly.

Steps To Take When Your Business Gets Hacked

Your goal in responding to a cybersecurity incident is to contain the damage and prevent it from happening again. Here are the steps to take when your business gets hacked:

  1. Sound The Alarm: Word needs to spread throughout your business so that all hands are on deck to put out the fire.
  2. Lock Everything Down: The key here is containment, stop the damage. Change passwords, physically secure sensitive data, limit access, and inventory hardware.
  3. Take Responsibility: Inform your customers, vendors, suppliers, and others. It may even be appropriate to inform the public for their own good, depending on your business model. If hackers got your business, they’re going after similar entities. See #8 below (hint: call an attorney).
  4. Find The Breach: Isolate the fault that opened up the vulnerability. This may be outdated technology or a training issue.
  5. Fix The Vulnerability: For your own good, you need to prevent future breaches. You also need to assure your customers and vendors that you have fixed the issue. Replace infected systems, update technology, and train your employees.
  6. Assess The Damage: Damage can be in the form of stolen data, intellectual property, or money. Account for lost time finding and fixing the problem, as well as costs involved in fixing the vulnerabilities and taking corrective action.
  7. Document The Attack: Create a report that summarizes the whole situation: what was the situation before the attack, what did the attackers use to get in, how did you fix it, and what was the total damage caused.
  8. Get Advice: It’s time to call the lawyers and possibly law enforcement. Loop in your public relations expert and your IT team.
  9. Send An Update: Let people know what happened; who was affected and how; and what you’ve done to fix the vulnerability.
Thumbnail - Resource: Cybersecurity Checklist

Download Our Checklist

Start creating your cybersecurity strategy with our free checklist to evaluate your risk.

Thumbnail - Resource: Cybersecurity Checklist

Download Our Checklist

Start creating your cybersecurity strategy with our free checklist to evaluate your risk.

The Incident Response Plan

If you didn’t have an Incident Response Plan before the data breach, you now see the need to have a plan in place to prepare for and respond to hacks, breaches, and disasters. Once you have this plan, put together a good training system to keep your employees informed. When the building’s on fire, it’s too late to start showing people the fire exits. Your whole team needs to know the plan in case of a data disaster.

Your Incident Response Plan will help mitigate damages in the case of a cyberattack by keeping your business prepared. The basics of an Incident Response Plan include:

  • Identification of network and data vulnerabilities
  • A response plan to communicate the incident and mobilize the response
  • Basic triage procedures to help identify the breach as quickly as possible
  • Key actions to contain the leak or damage
  • Documenting recovery and lessons learned

Get Your Cybersecurity Plans In Order

If you’re here because your company was attacked, and you’re still not sure how to respond, find the breach, and stop the bleeding, then please contact us right away for help. If you’re worried that your business could become one of those statistics because you don’t have the plans and training in place to defend and respond to an attack, then contact us to put those plans in place and assess your networks and data security.

Contact us now to execute your cybersecurity plan.