There’s no question about it — getting hacked is every business owner’s nightmare. And when one employee’s computer has been hacked, it can impact your entire network, infecting computers and devices across your organization, bringing your business to a screeching halt. The good news is that there are steps you can take immediately after you’re hacked to protect your business and limit the damage to your business network.
It’s important to put incident response plans in place to guide your organization through a security breach. Creating these plans before your organization is compromised helps ensure that your staff knows how to identify cyber security attacks and understands what steps to take regarding communication, business continuity, and disaster recovery.
What to Do if You’ve Been Hacked
If someone in your organization has opened a phishing email attachment or clicked on a malicious link, compromising their computer, it’s important that they act quickly to prevent any further damage from occurring. Here’s what to do after you’ve been hacked:
1. Immediately disconnect the computer or device from the network.
If you are working from a PC, disconnect the network cable (a.k.a. Ethernet cable) from the PC. If you’re using the Wi-Fi network, disconnect from it immediately. Do not shut off or restart your computer, as this can actually cause more damage.
2. Ask all employees to disconnect from the network.
Direct all other employees to also disconnect from the network by either disconnecting the network cable from their PC or turning off their Wi-Fi connection. This helps limit the spread of the virus if it has reached the network and their device.
3. Call your IT managed service provider.
You should call your managed service provider immediately after your system has been compromised. They will quickly assess the damage and, depending on what needs to be done to remediate it, either fix the problem or recommend that you call your insurance company and its forensic team. If the extent of the damage is significant or includes a data breach of sensitive information, your insurance company will use its own forensic team to uncover what has occurred and what data was stolen (see step 5).
4. Send out any necessary communications.
Your business should have a communications plan in place that details who you should contact and what you should communicate to them after a hack (more on this later). After you have spoken with your MSP and ascertained the damage, it’s time to implement the communications plan.
5. Call your cybersecurity insurance provider.
If you have cyber security insurance, you’ll want to call your provider to explain what has happened, providing details about the damage and potential consequences. You may also want to consult with inside or outside legal counsel in case the incident results in a lawsuit.
What to Do Before Your System Gets Hacked
While these are steps you can take immediately after a hack to limit the damage to your network, there are also some very important steps you should take before you’re stuck in the middle of a cyber attack. Preparing for these types of cyber security incidents with business continuity and disaster recovery (BCDR) plans that detail what you will do in response is a vital part of ensuring your business can continue to run while your incident response team/MSP fixes the issues. These resources are also helpful when working to manage your company’s reputation after a hack.
Employee Training
Ongoing employee cyber security training and testing will help ensure that your staff understands what dangers they may encounter online. Training can help employees understand what a hack looks like and how to avoid one, such as identifying which websites to avoid, which links they should not click on, and which attachments they should refrain from opening. Employee cyber security training also teaches things like what a network cable looks like, so users will know which wire to pull in the midst of this stressful situation.
Disaster Recovery Plan
Your company’s disaster recovery plan details the steps that your organization will take after a cyber security incident. This plan should include what employees will do to limit the spread of damage immediately after the incident takes place and what steps the company will take to fix the issue and recover from the damage. A disaster recovery plan may also include some guidelines for reputation management and running your business after a network security breach.
Communications Plan
A communications plan details what your organization will do to communicate what is happening after an attack with people both inside and outside your organization. Here are some things your communications plan should include:
- How your organization will notify employees about the hack.
- Who outside of your organization needs to be contacted regarding the incident, including customers, clients, partners, vendors, investors, etc.
- How your organization will notify individuals outside your organization about the hack.
- How often your organization plans to communicate updates and which channels you will use.
Business Continuity Plan
A business continuity plan is another important preventative plan that your company needs to develop before your system is compromised. This plan is a document detailing how your business will operate when your systems are down. How will you continue to conduct business without computer resources? What steps can you take to limit downtime before the fix is complete?
Backups
Regularly backing up your data is vital to minimizing data loss after a cyber security incident. After your organization has been compromised, your MSP will often wipe your system and restore it from your most recent backup prior to the infection. That’s why it is so important for businesses to have structures in place that automatically back up data regularly. Most companies back up at least once a day, with many doing so hourly.
Need IT Support in Omaha or Lincoln, NE? Call CoreTech.
If you have experienced a system hack, you’re going to need some help. Call CoreTech right away to let us know that you’ve been hacked and that it’s an urgent situation. We have policies and procedures in place that will limit damage and help your organization get back up and running as soon as possible. The time to recovery will ultimately depend on what type of incident your business has experienced and how prepared you were ahead of time.
When you hire CoreTech as your IT managed service provider (MSP), you also benefit from our multilayer approach to security. This means that we put processes, systems and tools in place to minimize damage caused by cyber attacks. Additionally, our backup systems are set up to capture as much data as possible, so that you’re able to get back on your feet without losing too much of your work.
If you need help preparing your organization and reducing your risk of a cyber attack, contact us today.