hands on a laptop with image of a padlock
The measures taken after a cyberattack have the power to mitigate damage and prevent further attacks. — Getty Images/Urupong

In today’s connected world, cyberattacks — anywhere from data breaches to malware and ransomware — are occurring at a more alarming frequency. In fact, 43% of the victims of data breaches are small businesses, and the average cost of a cyber security incident at a small business is nearly $35,000.

While it’s crucial to have preventive measures in place, it’s equally important to know how to respond quickly and effectively after a cyberattack occurs. We turned to the pros for guidance — here are three tactics they advise.

[Read: Need an IT Service Provider? Here's How to Choose]

Move into cybersecurity action mode

Douglas Williams, president and CEO of Williams Data Management, strongly recommends taking key action steps immediately following a cyberattack.

“First, assemble a business continuity team, including IT and data forensics experts, and have them determine the size and scope of the vulnerability,” he said.

Then, secure physical areas that could be related to the breach, and “change any access permissions right away. Next, stop any additional data loss by taking all systems affected offline after your forensics team has conducted its analysis,” added Williams. “Swap out any affected machines with unaffected ones. And update all user credentials and passwords that a hacker may have gained access to.”

Also, be sure to remove any information that may have been posted online as a result of the hack, including on other websites where the exposed data may have been posted.

“Interview all parties who discovered the breach, and document the process, as well. Refrain from destroying any evidence during the process,” he said.

Finally, remember to ensure your public relations communications are positive and constructive during the reconstruction of data.

[Read: Data Backup: What You Need to Know]

Once your company has nullified the urgent threat, there’s an imminent need to revise your plan and strengthen your defenses against future attacks.

Mike Tanenbaum, executive vice president and head of cyber, Chubb North America

Take next level security steps

Monique Becenti, product and channel specialist for SiteLock, said once a hack has been determined it’s vital to quickly execute an action plan across several departments, including upper management, sales/marketing, HR and legal.

“Begin by identifying the type of threat that caused the security breach if possible. This will give insight into what must be communicated to stakeholders and other departments that should know about the breach,” she said.

Next, notify various chains of command. “A fast response will depend on if you have a clearly defined plan that outlines who will delegate responsibilities amid the chaos of a security breach. The hierarchy should start with the business owner and trickle down from there,” added Becenti.

In addition, notify your IT department and/or cybersecurity provider. “A technical expert can act quickly in a situation like this and should be included as a stakeholder who can properly assess the damage.”

Lastly, mitigate the damage and further risks. “An automated security solution should be used to scan files, review firewall logs, and other reports to fully quarantine malware. Any malware found should be cleaned as quickly as possible to reduce any further damage to infrastructure, including files and databases,” said Becenti, who added that security patches should also be deployed for any outdated software.

Review what went wrong and beef up your protection

This almost certainly won’t be the last time your small business gets targeted by hackers. So devote resources now to assess what could have been done differently and plan for the next attack — without delay.

“Once your company has nullified the urgent threat, there’s an imminent need to revise your plan and strengthen your defenses against future attacks,” said Mike Tanenbaum, executive vice president and head of cyber for Chubb North America.

The aforementioned forensics team you assembled should identify the weakest points of your system and infrastructure and implement effective measures to prevent further hacks. This can include:

  • Upgrading software.
  • Changing passwords across the system.
  • Implementing two-step verification methods to access vulnerable accounts.
  • Putting a WAF (web application firewall) in place to safeguard your website.
  • Ensuring your e-commerce platform is PCI-DSS (payment card industry data security standards) Level 1 compliant.
  • Checking that your website hosting company regularly patches any security vulnerabilities.
  • Implementing extra measures to prevent theft of company servers, smartphones, laptops and other electronics.
  • Hiring an outside cybersecurity professional for consulting/monitoring.
  • Purchasing cyber insurance coverage.

“Sixty percent of small business breaches in the past three years were the result of external factors. Consequently, employee education training sessions should be also regularly occurring and comprehensive. Ensure that staff can identify warning signs of suspicious emails and attachments and know how to report any they receive,” Tanenbaum noted. “Train them on how to encrypt personal or sensitive information, too.”

[Read: Small Business Guide to Understanding Cloud Backup]

CO— aims to bring you inspiration from leading respected experts. However, before making any business decision, you should consult a professional who can advise you based on your individual situation.

Published September 03, 2019