What Should You Do If Your Business Is Hacked? (£)
Unfortunately hacking is now part of the current culture and around 85% of businesses worldwide have been hacked in one form or many.
Most Boards have decided not to discuss these issues outside of their security, computer, IT or Board rooms and believe that the PR issues involved are more damaging than the actual attacks themselves and they have decided to keep the issues media quite.
Much as this might make sense to the Directors of banks, consultancies, insurance businesses and retail operations, to name only a few, the issues should be broadened internally in order to engage with potential solutions that cross security boundaries.
Over half of CIOs interviewed say that they have reported a large increase in hacks in 2015 and that they do not yet see this decreasing. But of course reporting this to the Board is not positive and often there is a mistaken belief that therefore the CIO and CSO are to blame within the organisation and so the IT Management has reduced the number of times that they report cyber incidents to the senior management as they do not want to put their jobs at risk.
For instance the retailer, Target in 2013 was attacked by a memory-only Trojan, then the hackers stole over 40 million credit card numbers, phone numbers, addresses and security codes. Trojan computing is malicious software that is delivered by appearing to be a normal attachment to an email where information is asked, for it to be filled in, or new information downloaded.
This of course is only one recorded incident of many and it is important to understand from your own industry point of view what the current attacks are like and what specialists say are the best ways of reducing risk and acting if an attack happens.
Currently, in the US, healthcare, financial services and higher education sectors are particularly vulnerable to data breaches. These attacks were caused by malware or hacks.
And so what should you do as part of the Board – first you should discuss these issues more broadly and gradually get into the detail once you have also done some background research, concerning the areas of business that you are involved in, and where the hacking attacks are most likely to focus upon.
Form a cyber comprehension club/department and get employees and Directors and management from different parts of the organisation to take part. Discuss the ways in which systems in your industry get attacked, experience theft and shutdowns and what the best methods for security that are currently being used.
Clarity of the issues and discussion of the required and potential security initiatives would significantly help to reduce the potential of attack and the effects and resolutions once attacks take place.