When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
Whether youre a small business or a multinational conglomerate, the threat of a cyber attack is potentially ruinous.
Maybe it’s a ransomware popup or aphishing emailfrom another internal email address.
You think your companys been hacked.
It may feel like the worlds ending, but heres the first rule of thumb: dont panic.
Yes, time is of the essence, but making decisions without thinking them through really wont help.
How you proceed from there depends massively on how the incident is unfolding.
If you don’t have an incident response plan, check out tip #6.
It may feel like the worlds ending, but heres the first rule of thumb: dont panic.
So, the clock is ticking, but you dont want to blow the element of surprise.
In this situation, the attackers know that you know theyre in your web link.
Also, start a timer from the moment you report to your incident response team.
Ill talk more about why thats necessary in tip #4.
The value of the IRP is that its well-researched, practiced, and easy to follow.
You should not be writing or rewriting your IRP in the middle of a crisis.
Something vital to take into account is that youre now essentially working in a crime scene.
How you preserve evidence may be vital for establishing a chain of custody down the line.
As such, never work on any live systems until youre ready to start rolling back.
Its unfortunate, but it happens.
You want to execute with as little downtime as possible.
This is particularly vital as their expertise can save you a whole load of money.
Not all ransomware gangs use bespoke software developed inhouse to carry out their attacks.
Again, you dont want to spend the time looking into this.
Then theres the issue of daily exchange limits, coin exchange fees, and so on.
Its not something you’ve got the option to make happen on the spot.
Secondly, your insurer will have experience dealing withcrypto-criminals.
You then need to assess whether or not the data breach could pose a risk to the individuals affected.
The trickier question is when and how you disclose to your customers that their data may have been accessed.
If you assess that the breach passes the bar, youre compelled to inform them without undue delay.
Again, there is some leeway here.
Theres a legitimate argument to be made for delaying the disclosure to those involved.
This argument is much less likely to work on the ICO if youre the victim of a ransomware attack.
Its not as simple as rolling back to backup images made a week before the breach.
Once youre on the other side of an incident, documentation is key.
Did the lines of communication work effectively?
Did the external stakeholders perform within your expectations?
Was any individual or team saddled with too much responsibility?
Did anyone burn out?
What if I don’t have an incident response plan?
If youre not currently in a cyber attack scenario, great!
A cybersecurity breach is pure stress.
Unfortunately, a lot of this advice boils down to Be prepared ahead of time.
