There’s no question about it — getting hacked is every business owner’s nightmare. And when one employee’s computer is compromised, it can impact your entire network, infecting computers and devices across your organization, bringing your business to a screeching halt. The good news is that there are steps you can take immediately after you’re hacked to limit the damage to your business network.
But before your business ever has to go through something like this, it’s important to put plans in place to guide your organization through a breach. Creating these plans before your organization is compromised helps ensure that your staff knows how to identify cyber security attacks and understands what steps to take regarding communication, business continuity, and disaster recovery.
What do Do if You’ve Been Hacked
If someone in your organization has opened a phishing email attachment or clicked on a malicious link, compromising their computer, it’s important that they act quickly to prevent any further damage from occurring. Here’s what to do after you’ve been hacked:
1. Immediately disconnect the computer or device from the network.
If you are working from a PC, disconnect the network cable (AKA. ethernet cable) from the PC. If you’re using the Wi-Fi network, disconnect from it immediately. Do not shut off or restart your computer, as this can actually cause more damage.
2. Ask all employees to disconnect from the network.
Direct all other employees to also disconnect from the network by either disconnecting the network cable from their PC or turning off their Wi-Fi connection. This helps limit the spread of the virus if it has reached the network and their device.
3. Call your MSP.
You should call your managed service provider immediately after your system has been compromised. From there, they will take over the process of identifying the hack, isolating the damage, and fixing the problem so that your business can get back up and running.
4. Send out any necessary communications.
Your business should have a communications plan in place that details who you should contact and what you should communicate with them after a hack (more on this later). After you have spoken with your MSP and ascertained the damage, it’s time to implement the communications plan.
5. Call your cyber security insurance provider.
If you have cyber security insurance, you’ll want to call your provider to explain what has happened, providing details about the damage and potential consequences. You may also want to consult with inside or outside legal counsel in case the incident results in a lawsuit.
What to Do Before Your System Gets Hacked
While these are steps you can take immediately after a hack to limit the damage to your network, there are also some very important steps you should take before you’re stuck in the middle of a cyber attack. Preparing for these types of cyber security incidents with resources that detail what you will do in response is a vital part of ensuring your business can continue to run while your MSP fixes the issues. These resources are also helpful when working to manage your company’s reputation after a hack.
Ongoing employee cyber security training and testing will help ensure that your staff understands what dangers they may encounter online. Training can help employees understand what a hack looks like and how to avoid a hack — such as identifying which websites to avoid, what links they should not click on, and which attachments they should refrain from opening. Employee cyber security training also teaches things like what a network cable looks like, so users will know which wire to pull while in the midst of this stressful situation.
Disaster Recovery Plan
Your company’s disaster recovery plan details the steps that your organization will take after a cyber security incident. This plan should include what employees will do to limit the spread of damage immediately after the incident takes place and what steps the company will take to fix the issue and recover from the damage. This plan may also include some guidelines for reputation management and running your business after the attack.
A communications plan details what your organization will do to communicate what is happening after an attack with people both inside and outside your organization. Here are some things your communications plan should include:
- How your organization will notify employees about the hack.
- Who outside of your organization needs to be contacted regarding the incident, including customers, clients, partners, vendors, investors, etc.
- How your organization will notify individuals outside your organization about the hack.
- How often your organization plans to communicate updates and which channels you will use.
Business Continuity Plan
A business continuity plan is another important preventative plan that your company needs to develop before your system is compromised. This plan is a document detailing how your business will operate when your systems are down. How will you continue to conduct business without computer resources? What steps can you take to limit downtime before the fix is complete?
Regularly backing up your data is vital to minimizing data loss after a cyber security incident. After your organization has been compromised, your MSP will often wipe your system and restore it from your most recent backup prior to the infection. That’s why it is so important for businesses to have structures in place that automatically back up data regularly. Most companies back up at least once a day, with many doing so hourly.
Need IT Support in Omaha? Call CoreTech.
If you have experienced a system hack, you’re going to need some help. Call CoreTech right away to let us know that you’ve been hacked and that it’s an urgent situation. We have policies and procedures in place that will limit damage and help your organization get back up and running as soon as possible. The time to recovery will ultimately depend on what type of incident your business has experienced and how prepared you were ahead of time.
When you hire CoreTech as your MSP, you also benefit from our multilayer approach to security. This means that we put processes, systems and tools in place to minimize damage caused by cyber attacks. Additionally, our backup systems are set up to capture as much data as possible, so that you’re able to get back on your feet without losing too much of your work.
If you need help getting your organization prepared for a cyber attack or ransomware, contact us today.