First Response: Critical Steps for Dealing with a Cyber Attack

by | Best-Practice, Network, Security, Technology

Every year, numerous businesses fall prey to vicious cyber attacks. These attacks can come in a number of forms, from viruses designed to silently steal your private information to malware that quite literally holds your business for ransom. In every case, though, these attacks can be highly disruptive and extremely expensive. If you and your business have been unfortunate enough to fall victim to a cyber attack, here are the critical first steps that you should follow:

Step #1: Stay Calm

The first and most important step in any disaster scenario is to stay calm, and a cyber attack is most certainly a disaster scenario. If you are able to avoid panicking, though, you will be able to address the situation in a far more organized and logical manner.

Step #2: Mobilize Your Response Team

Before you can go about correcting the damage a cyber attack has done, you will need to organize a response team that is as capable and complete as possible. This team will obviously need to include members of your IT staff (in-house or contracted) who are able to investigate the attack and begin resolving it.

However, your response team may also include HR professionals if your employees have been affected by the attack, PR representatives who can help explain the situation to your customers, intellectual property experts who can help minimize the impact of stolen data on your brand, and perhaps even legal counsel, as cyber attacks come with a whole host of legal implications of which your business should be aware.

Step #3: Switch to Backup Servers

If your business has backup servers in place, it’s important to switch to them after a cyber attack. If these servers have not been damaged by the attack, you will be able to keep your network up and running while you work to fix the problem.
If you do not have backup servers available, don’t turn off your main servers.

This is the first instinct of many business owners, however, turning off the servers will not remedy the damage that was done to them. By leaving your servers on, your IT team will be able to analyze the evidence from the attack and work towards a solution.

Step #4: Isolate the Breach

The first response from your technical team should be to find where the breach happened and contain it in order to ensure that as few systems as possible are affected. Unfortunately, containing the breach often means suspending the section of your network that has been compromised, which can be extremely costly and disruptive to your business. Sometimes, it may even be required that you temporarily suspend your entire network.

As hard of a pill this can be to swallow, isolating and containing the breach is essential if you want to minimize the damage to your network. Once your technical team has isolated and contained the breach, they will be able to test and ensure that it has not spread to other sections of your network. Now certain that it has been contained, they will be able to go about removing it.

Step #5: Conduct an Investigation

The next step for your team to carry out is to conduct a thorough investigation. This investigation will need to explore the facts pertaining to the attack including its source, effects, and the actions that will need to be taken to remedy the damage that it has done.

Other members of your response team outside of your IT staff will also have roles in the initial investigation. If employees have been affected by the attack, your HR staff will need to decide how to handle the situation. At this point, your PR staff can also begin to formulate a plan on how to manage the effects of the attack as they relate to your customers and the public at large. If you have a lawyer(s) representing you, they may also begin exploring the legal consequences/courses of action pertaining to the attack.

In short, at this point, everyone on your response team should be pushing forward at full speed to manage and correct the fallout from the attack. As the business owner, it’s your job to ensure they have the resources they need to best carry out these tasks and provide them with clear, direct leadership.

Step #6: Document Everything

As your response team goes about their jobs, you will want to make sure they are carefully documenting everything they do and find. This evidence can be incredibly valuable in a number of ways. For one, you will be able to use your understanding of how the attack happened to find where you are vulnerable and shore up your defenses, helping to prevent a similar attack from ever happening again.

In addition to providing you with data that you can use to strengthen your cyber-security, carefully documenting the results of your team’s investigation may prove useful when later managing public relations and addressing legal and regulatory requirements.

Step #7: Repair, Regroup, and Move on

As devastating as a cyber attack can be for your business, it isn’t the end of the world and doesn’t have to be the end of your business. If you’ve done everything right, the damage from a cyber attack can be contained and repaired.
Of course, there will still be secondary issues to address even after the attack has been thwarted.

You may find that your business incurs some legal liability for the attack. Even if you are not legally liable, there will likely be steps you must take to repair your relationship with your customers. As bad as all this sounds though, plenty of businesses have survived it before. Have your response team repair all of these damages the best they can, regroup as a business, and move forward.

Step #8: Make Sure it Never Happens Again

Benjamin Franklin once said that an ounce of prevention is worth a pound of cure. This is especially true in the case of cyber attacks. As expensive as top-notch security may first seem, it’s not even a fraction as costly as dealing with a cyber attack.

Thankfully, there are plenty of options you have as a business owner to make your business a near-impossible target for would-be cyber criminals. From state-of-the-art antivirus software to security assessments designed to give you a complete understanding of how to improve your existing security, the technology and processes available today are more effective and affordable than they have ever been before.

If you would like to learn more about how we are able to help business owners protect their network from costly cyber attacks, we invite you to contact us today.

Disclaimer: By providing links to other sites, cyastech.com does not guarantee, approve, or endorse the information or products available on these sites.
Share This