What Should You Do If Your Business Is Hit By A Cyber Attack?

Uploaded on 2019-03-29 in NEWS-Cybersecurity News, FREE TO VIEW

Cyber-attacks aren’t letting up, with corporate giants such as Facebook, British Airways and Marriott International all hitting the headlines in the last 12 months. Yet, despite publicity around these high-profile cases, for small businesses, it’s still tempting to think that cyber-attacks aren’t something that you really need to worry about.

Unfortunately, this couldn’t be further from the truth, with research showing that 42% of small businesses were hit by a cyber-attack in the last 12 months.

Smaller Businesses Soft Target for Hackers
By their very nature, small business owners are constantly spinning plates, so it’s no wonder that preparing for cyber incidents isn’t top of the to-do list. Yet, hackers have become wise to this, often seeing SMEs as a soft target, without the funds, time or knowledge to defend themselves.

Research shows that the majority of small businesses still aren’t taking the threat seriously. More than a third (37%) don’t have a cybersecurity plan in place and 40% per cent wouldn’t know who to contact if a crime was committed. With the average annual cost of a cyber breach standing at around £25,700, it is time to sit up and take notice.

Even if you have all the right technology and processes in place, sometimes you’re powerless to stop a breach. This is why an effective response plan is essential, enabling you to control the situation as quickly as possible, with minimum impact to you and your customers.

How to respond to a Cyber Attack
Want to make sure you’re prepared? Then, your cyber-attack response plan should include the following:

Arm Yourself with Knowledge
Speed is of the essence following a cyber-attack. You need to know what caused the breach, with a view to rectifying the problem quickly and ensuring it doesn’t happen again. As a small business, chances are you don’t have this expertise in house, so you should line up IT forensics experts for if and when you need them.

Your Legal Response
There are numerous legal issues to consider, particularly since the introduction of the GDPR last year. These include informing the Information Commissioner’s Office (ICO) of the breach, defending your business against any claims of malpractice, as well as managing your approach to customers and the media. For this, you’ll need a good lawyer, ready to support you from the moment you’re aware of the problem.

Handling Media queries
You could be the focus of media attention following a breach, so be ready to handle all external communications about what happened and how you’re responding. Again, time is of the essence, so you’ll need to have statements ready to go asap. If you don’t have your own PR expertise internally, make sure you have external support – whether an agency or experienced consultant, on speed-dial.

Informing Customers
Depending on your customer-base and the scale of the breach, you could have a lot of unpleasant phone calls to make! You’ll need to be ready with a way to handle this communication efficiently across numerous channels, including at least email and telephone. As a small business, this communication should be as personal as possible, but your lawyer will be able to advise on what you should and shouldn’t be saying.

Make Sure You’re Covered
If the worst does happen and you’re facing the repercussions, your final line of defence is a watertight and specialist cyber insurance policy. Bear in mind that policies can vary significantly, so be sure to seek specialist advice regarding the best option for your needs and how these might change over time. Some insurance policies will also offer an immediate response plan and external expertise as part of your cover, giving you one less thing to worry about. 

Finally, it is worth highlighting that the GDPR imposes the same responsibility on all businesses that handle personal data, irrespective of size. The potential impacts of a breach are great, with fines as much as €20m. So make sure you’re on top of cyber security, before it’s too late.

Training Your Employees and Yourself
Last, but certainly not least, you should first train your staff and management about Cyber protection and comprehension of cyber security. 
This can be done at low cost by taking focused on-line cyber security lessons for a few minutes every day for a few weeks and keeping everyone up to speed every few months by a few daily lessons on cyber security protection. 
The results reduce your cyber security risks significantly. 

Contact us at Cyber Security Intelligence for more information.

ByteStart:

You Might Also Read:

How To Develop Secure Cybersecurity Practices:


 

 

« Over 90% Of Security Pros Fear Insider Threats
Combining AI’s Power With Self-Centered Human Nature Could Be Dangerous »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Zadara Storage

Zadara Storage

Zadara provide complete data backup and protection delivered as a fully-managed service.

National Agency for the Security of Information Systems (ANSSI) - France

National Agency for the Security of Information Systems (ANSSI) - France

The role of Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) is to foster a coordinated, ambitious, pro-active response to cybersecurity issues in France.

CROW - University of Waikato

CROW - University of Waikato

CROW is the first cyber security lab established in a New Zealand educational institution at the University of Waikato.

Guardian360

Guardian360

The Guardian360 platform offers unrivalled insight into the security of your applications and IT infrastructure.

Equilibrium Security Services

Equilibrium Security Services

Equilibrium Security Services is a specialist cyber security company providing a full spectrum of IT security solutions from consultancy to design & implementation and managed security services.

Cyber Security & Information Systems Information Analysis Center (CSIAC)

Cyber Security & Information Systems Information Analysis Center (CSIAC)

CSIAC is chartered to leverage best practices and expertise from government, industry, and academia on cyber security and information technology.

SecureMetric Technology

SecureMetric Technology

SecureMetric is one of SE Asia’s leading players in the field of digital security with a focus on Software Licensing Protection, 2-Factor Authentication, Advanced Identity and Access Management, Publi

Cyber Security Centre - Daffodil International University

Cyber Security Centre - Daffodil International University

Cyber Security Centre, DIU is a non-profitable organization which is focused on applied research in cyber security.

Vuntie

Vuntie

Vuntie blend European craftsmanship, performance and open-source technology to deliver cybersecurity services including penetration testing, incident response, training and consultancy.

Empiric

Empiric

Empiric is a multi-award winning technology and transformation recruitment agency specialising in data, digital, cloud and security.

Jerusalem Venture Partners (JVP)

Jerusalem Venture Partners (JVP)

JVP’s Center of Excellence in Be’er Sheva aims to identify, nurture and build the next wave of cyber security and big data companies to emerge out of Israel.

Fluid Attacks

Fluid Attacks

Fluid Attacks specialize in red team operations as well as technology development that continuously enhance our security testing services.

Synamic Technologies

Synamic Technologies

Synamic Technologies was founded in 2018 as a start-up to automate cyber security processes. Our CISOSCOPE product automates vulnerability management, risk management and compliance.

Zephyr Project

Zephyr Project

The Zephyr Project strives to deliver the best-in-class RTOS for connected resource-constrained devices, built to be secure and safe.

Mage Data

Mage Data

Mage (formerly Mentis Software) is a leading solutions provider for data security and data privacy software for global enterprises.

Cybertech Nepal

Cybertech Nepal

Cybertech Nepal is committed to provide high-quality cyber security solutions, including server assessment and hardening, forensics and malware analysis, end-point threat analysis, and VAPT.