You have taken all of the recommended steps to prevent a data breach in your network, computers, and connected equipment, yet you find your business under attack. The intrusion may be in the form of malware such as ransomware or spyware, a denial-of-service attack, a man-in-the-middle attack, or other unauthorized activities. Those on the receiving end often don’t know what to do after a security breach.
The truth is that cyber security is a game of one-upmanship. New methods of defeating defenses are continually evolving, and new ways of sneaking past protections appear with increasing frequency. Unfortunately, there are very destructive and novel ideas coming from the minds of people creating tools to probe, listen in on, damage, and hold hostage information critical to run your business. This destructive creativity is sometimes ahead of the tools available to defend your data and equipment.
The Importance of Knowing What to Do after a Cyber Attack
During and immediately after a cyber security breach, you must quickly act to limit the damage. Just as medical professionals triage sick and injured patients, you don’t want to cause even more harm as you struggle to protect your data and business. The potential losses to small- and medium-sized businesses (SMBs) due to slow or improper responses to data breaches can be staggering; a recent report by CNBC estimates the average cost of a cyber attack to businesses is $200,000, from which many may never recover. Immediate action is critical to keep losses as low as possible.
The Federal Trade Commission guides businesses that have experienced data breaches in the steps to take toward recovery: secure operations, fix vulnerabilities, and provide notice to the appropriate parties. Notification is essential when financial or personal information is compromised and especially so when the confidentiality of legal, health or other information subject to privacy mandates is jeopardized.
Take Appropriate Steps to Protect Your Data after a Cyber Attack
Taking improper steps because you don’t know what to do after a security breach can cause more damage than good. When faced with a security breach, your initial reaction may be to “pull the plug” on your computer network and systems. Physically shutting down hardware and disconnecting servers and computers may seem like a quick way to stop the damage.
In some cases, doing so might buy some time. Under most circumstances, however, the damage has been done well before the breach is detected. Beyond the potential upside of slowing the spread of malicious software, it is not practical or possible for most companies to operate without accessing data on their computers and servers.
After becoming aware of the cyber attack, the first step should be to contain the breach and then identify whether any data was compromised or otherwise affected. Knowing what was affected will help determine the appropriate next steps. For businesses without in-house or contracted IT personnel, the best course is to consult an experienced IT professional on what next steps would be best to contain and reverse the damage.
Recovering from a Ransomware Attack
In the case of ransomware, many SMBs have chosen the “easy” solution of paying a ransom to regain access to encrypted data. Increasingly, businesses and government agencies are reluctantly resorting to this quick fix. But is it wise?
Ransomware attackers encrypt files critical to the operation of your business and then offer to sell an encryption key to decrypt those files. In some cases, the cyber attack victims are given an option to purchase the key by a specific date or else risk losing access to those files permanently. The deadline increases the sense of urgency.
Paying a ransom demand is a risky proposition, but many organizations choose this route rather than risk assuming the costs and time of rebuilding their data—and business—from scratch or data backups. However, you are entering an agreement with someone who has committed a serious crime by accessing and then locking your files. Can you trust the offender will follow through on the bargain?
According to ProPublica, the insurance industry has created a new and very profitable source of revenue in providing ransomware insurance. But some, like the Federal Bureau of Investigation (FBI), argue that paying the ransom fuels further cyber attacks. For those with this coverage, the decision on whether to pay the ransom is made by the insurer strictly on a cost basis—paying the ransom often costs less than getting up and running again from backups.
Long-Term Fallout from a Cyber Attack
Whether you have chosen to pay a ransom or to rebuild your business’ data, you need to consider the lingering repercussions. When encrypting your data, cyber criminals might have left behind backdoors, spyware, or other malware. You must take the time to do a thorough assessment of all equipment and software following the attack to ensure the future security of your systems and data.
Further, your data might already be in the hands of other criminals, intent on selling or using the data for further extortion and theft. At a minimum, you may be obligated to notify customers of a potential breach of their information.
Throughout the process, you will need to work hard to ensure you re-secure your hardware and software, find and fix vulnerabilities, and report issues to all parties affected by the criminal activities.
Consult an IT Professional about What to Do after a Cyber Attack
Cyber crime continues to grow. It can be a lucrative business for criminals. Businesses need to take pains to protect hardware and software from would-be attackers. Even then, sometimes the best defenses are not enough. Before you find yourself a victim of a security breach, contact an experienced IT professional to learn what to do after a security breach to limit the losses to you and your customers.