What to do after recovering from a cyberattack

Credit to Author: Malwarebytes Labs| Date: Thu, 23 Feb 2017 18:00:04 +0000

More companies are falling victim to cyberattacks, as a wide range of harmful software, social engineering schemes and scams threaten to compromise the personal information and online safety of their clients. With cybercrime rates on the increase every year, it is important for businesses of all sizes to have a recovery plan in place to mitigate any losses. In the unfortunate event of a data breach, these are the steps you should take to recover.

Identify and Contain the Problem

On average, companies do not know about data breaches or cyberattacks until at least 200 days after they have occurred. As soon as you become aware of a security incident, the first step is to identify and contain the problem.

Having all of the correct facts will go a long way to helping to formulate an effective response plan, and better inform your communications with customers. When identifying a data breach, ensure that you document the following:

  • When it took place
  • How it will affect customers
  • What assets were affected
  • Who are the victims
  • The type of attack

To contain and remove the issue, your IT department should be ready to spring into action. To ensure that they are prepared for such a task, any business owner should hire a cybersecurity specialist or send their IT staff for cybersecurity training. They should be prepared to:

  • Separate sensitive data from the network. If banking and login information is not encrypted, do so now.
  • Reset all affected logins. All parties affected by the cyberattack should have their login details changed and the new passwords should be secure in that they have uppercase letters, lowercase letters, symbols and numbers. Also consider using two-factor authentication to tighten up security.
  • Reinstall affected files. Any programs that have been affected by the attack should be uninstalled and reinstalled so that the infection cannot spread.
  • Disconnect affected hosts. Once it has been disconnected, the host is no longer available and can no longer be subjected to the cyberattack.
  • Apply security patches if necessary. This software is designed to update any programs or operating systems, fixing vulnerabilities and other bugs that could compromise your online security.
  • Remove all files installed by the attack. After they have been isolated, your IT analysts will investigate them to gain a better understanding of the attack, potentially identify the attacker and identify any security vulnerabilities.

Inform Your Customers Promptly

Large companies tend not to have a history of a responding to cyberattacks in a timely manner. While they react quickly by containing the breach, it is often months before they address the general public and even those affected by the incident.

British mobile phone operator TalkTalk was criticized for waiting to inform customers of its data breach in 2015, and things haven’t improved over the years. In 2016, Yahoo took five months to respond to customers who had their data stolen. It is this kind of behavior that causes companies to lose customers and even sets them up to face class-action lawsuits. In fact, TalkTalk lost 101,000 customers as a direct result of its data breach.

The solution is to act quickly and ensure that you have a response plan ready long before any cybercrime has occurred. Liaise with your PR and Marketing departments to prepare communications that you can issue in the event of a data breach. It should include information about compensation and outline any steps that you’re taking to prevent future security incidents, such as implementing new cybersecurity protocols. When the time comes to distribute this information, your IT team will be involved to fill in the specific details.

One of the best examples of an effective cybercrime response is Home Depot. In 2014, the company faced data breach that compromised the banking information of its customers. Its PR team took to social media right away, informing customers that staff are looking into the issue and working with law enforcement.

Usually, organizations that experience data breaches lose an average of $3.97 million due to lost customers. However, Home Depot actually saw a 5.7 percent increase in net sales during the following quarter. Its proactive approach to communication certainly had a positive effect on the company’s profits.

Prevent Future Breaches

In the event of a data breach, it is important that you have the right professionals on board to help your business recover. According to IBM, enlisting in the help of cybersecurity experts can help you save millions as your company aims to contain a data breach and respond to the affected parties.

  • Appointing a Chief Information Security Officer saves $7 per record. This staff member is responsible for developing and implementing a program that protects all communications, systems and assets from all types of security threats.
  • Involving a Business Community Manager saves businesses $9 per record. This professional is responsible for your brand’s image in the online world. They will handle online communications with customers and press, and they play a key role in crisis management.
  • Incident response teams save $16 per record. It is their job to react to any cybersecurity threats or incidents in a timely manner. They will analyze the incident in order to identify, contain and eradicate the issue. This team should include professionals from various departments like business managers, IT staff, legal representatives and human resources employees.

Research by Ponemon Institute, LLC found that enlisting in cybersecurity professionals can help drive down the costs of data breach recovery. Employing experts in online security saved companies $2.1 million per year while hiring a high-level security manager like a CISO saved $2 million.

Companies can also lower their defense costs by investing in online security technologies. Security intelligence systems saved companies an average of $3.7 million while encryption technology saved companies $1.4 million per year. Using advanced firewalls saved them $2.5 million.

Tighten Up Your Legal Defense

After having their information compromised by a data breach, it is not uncommon for customers to sue the company. With Yahoo facing a class-action lawsuit in light of its recent data breach that affected over 500 million accounts, it is important for companies to prepare for the fact that they may be taken to court for allowing a hacker access to their customers’ personal information.

The Department of Justice advises business owners to form a relationship with local law enforcement offices before a cyberincident has the chance to occur. This establishes a point-of-contact in the event of a data breach, to whom you can report the crime.

Legal counsel should also be retained before any cybercrimes have the chance to be committed. When doing so, business managers should ensure that their legal team has experience with cyberincident management. They should have the knowledge necessary to help guide you when reporting the breach to customers, navigating your liability for taking corrective measures and interactive with government agencies. As this is an emerging legal issue, your legal team should stay up-to-date with the latest developments so they prepared to handle any situation.

In the event of a data breach, companies can avoid lawsuits by taking proactive measures to take care of customers. Some companies like Neiman Marcus have offered victims credit monitoring services, which not only demonstrates great customer service but also weaken claims that customers may make about having suffered harm as a result of the data breach.

The best defense is a good offense, so companies should be proactive in preventing cyberattacks from occurring in the first place. Since 66 percent of data breaches are caused by employee negligence, business owners should take measures so that there are no insider threats. As such, all staff members should be trained in the best practices for cybersecurity.

Being prepared and acting quickly are vital to helping your company recover from a cyberattack as effectively as possible. Your customers will appreciate that you’ve taken action promptly to protect them, which goes a long way to maintaining a successful and profitable business in light of a data breach.

Author Bio: Faith is a technology blogger for Secure Thoughts, a leading resource on cybersecurity. With a background in marketing, she specializes in helping businesses engage in effective communication in the event of data breaches and other cyberincidents. 

https://blog.malwarebytes.com/feed/