Your Business has been HACKED — Now What?

by | Apr 3, 2021

Have you been hacked? Cybercriminals are becoming more and more sophisticated in their attacks, making no one completely safe.

Do you have a business continuity and disaster recovery plan in place? While good cyber hygiene is comprised of layered security solutions, and ongoing staff training is a key ingredient to preventing an attack, a plan for disaster recovery is still essential.

Six Steps to Business Continuity after a Hack

    1. Be prepared for it
    2. Stay calm and seek help
    3. Get legal advice
    4. Communicate
    5. Isolate and eliminate
    6. Rebuild

If you have followed PCA Technology Solutions for any length of time, you certainly know that #TheThreatsAreReal.

 

    • There has been a shocking 63% increase in cyber crimes targeting small to medium businesses in the past two years alone, according to a study by the Keeper Security and Ponemon Institute.
    • The average cost per incident for organizations with fewer than 500 employees is $7.81 million, as found in the same study in 2020.

Everything that follows the event of a cyber attack is a lot to digest, which is why prevention is so important. Cybercriminals are becoming more and more sophisticated in their attacks, making no one completely safe. Sadly, 43% of small to medium businesses lack any type of cyber security plan, so hackers see them as easy targets.

Did you know that over 30% of attacks on small businesses stem from a phishing attempt?

This is why investment in staff training is critical for good cyber hygiene in your business.

Cyber hygiene is a set of practices organizations and individuals perform regularly to maintain the health and security of users, devices, networks and data.

The goal of cyber hygiene is to keep sensitive data secure and protect it from theft or attacks.

While proper cyber hygiene, which is comprised of layered security solutions and ongoing staff training, is a key ingredient to preventing an attack, a plan for business continuity and disaster recovery is still essential.

So, what can you do if your organization falls victim to an attack?

1. Be prepared for it.
First and foremost, have a plan and proper security measures in place before you need them. This could be the key to keeping your organization from becoming part of the 60% of small businesses that close their doors permanently within six months of a breach.

For this reason, we believe that having a Chief Information Officer (CIO) or virtual Chief Information Officer (vCIO) who understands the need for disaster recovery is an essential component of your overall security plan.

2. Stay calm and seek help.
Have you ever heard the saying that “chaos creates chaos”? If you experience an irregularity that leads you to believe you have been hacked, you should make two phone calls immediately:

    • Contact a trusted security consultant or provider, and
    • Your local computer crimes law enforcement

These professionals can help you to get a complete picture of what is going on and can narrow down how the hacker(s) infiltrated your network and what data has been compromised.

3. Get legal advice.

When it comes to breached data, certain authorities must be notified, and failure to do so could land you in a liability lawsuit. An experienced attorney can walk you through your legal obligations. 

Do you have a cyber insurance policy? If so, your cyber insurance policy might provide that service.

4. Communicate.

Quickly communicate the dreaded news with potentially affected employees, customers, and partners about what happened. 

Being hacked is costly. Withholding information could potentially seriously damage your reputation, and thus your ability to continue doing business.

5. Isolate and eliminate.

No different than when a person is sick, once a device or group of devices are detected to be infected, quarantine them from all other devices on your network and shut down your website while you clean up. 

Do you have verified daily backups? 

During the clean-up process, having backup data is key to restoring your business to normal operations. 

6. Rebuild
Once your security breach is behind you and the point of entry for the hackers has been identified, it is time to rebuild.

Acknowledging where things went wrong is critical to prevent them from happening again.

Make sure all security defenses are running properly, data is backed up securely, your team is properly trained to avoid phishing scams, and your newly updated business continuity and disaster recovery plan are in place in case of future attacks.

Do you have the technical expertise on staff to handle a cyber attack or hacking event? Most small to medium businesses do not.

PCA Technology Solutions specializes in partnering with businesses to help prevent cyber attacks and hacking events, and we also have the technical expertise and experience to help recover and rebuild should your business fall prey to a cyber-criminal. Contact us today to see how we can partner with you.