Prevention is always better than cure. In previous articles we have provided our 6 steps to make your #HardtoHack. Hopefully you have been following the tips we have made and you and/or your business are indeed “Hard to Hack.” Unfortunately, “Hard to Hack” does not mean “impossible to hack.” Regretfully there will probably come a time when you do suffer a cyber-attack. Human errors occur, technical vulnerabilities are not addressed, or cyber-criminals simply decided that they will achieve a hack on you at all costs. Any of these situations can lead to a cyber-attack.
In the unfortunate event that you do suffer a cyber-attack you need to consider incident response and incident recovery. Incident response concerns minimising the scope and scale of an attack. Incident recovery is about getting back to normal as quickly as possible – how can I get my laptop working again, or how can I get my business network operational again? If you are a business, these plans should be formalised and rehearsed.
So, what should you do?
Pause, breath, think. Use the response and recovery plans you have pre-prepared to help guide you through the incident. Pre-prepared plans are critical to ensuring an effective response. They provide a handrail to follow when immersed in stress, chaos and uncertainty, and assist you in doing the right things in the right order to ensure you do not miss or forget to do something. If it is your personal device that has been hacked, chances are you have not prepared a written plan; however, if your home lost electricity, I suspect you have the number of a trusted electrician on speed-dial. Who would you call, if your device had been hacked and was riddled with malware?
Act. Cut the head off the snake. Do what you can, as quickly as you can to stop the attack. The quicker you act, the greater the likelihood that you can minimise the scope and scale of a cyber-attack. For example, if a cyber-criminal has been able to gain access to your password and has access to your emails or bank account, the simple act of changing your password could break the chain and remove the cyber-criminal’s access. If you are a business speak with your cyber security department / provider as quickly as possible so they can assist in responding to the incident and minimising its impact.
Communicate. Who do you need to inform? If you are an individual, you may want to protect family and friends from being affected. You would feel awful if someone close to you experienced loss or hardship as a result of a cyber-attack transmitted by you. If you suspect an attack, a simple warning to be vigilant could be a good option. If you are business, you have a great many more obligations, which if you fail to act swiftly and decisively, could result in enforcement action or damages being levied against your business. You have an obligation, both morally and from a regulatory perspective to protect your staff, your customers and your suppliers. This means investing in cyber security in the first place, but also protecting individuals if a cyber-attack results in a loss of personal data. Where this is a high risk of danger or distress, a business must inform the individual as quickly as possible. Furthermore, if you are subject to either the UK or EU General Data Protection Regulation, you are required to report any personal data breach within 72-hours. You should also understand whether and how quickly you may need to inform you insurance company.
Restore. Hopefully you have been sensible and prepared for the eventuality that you may lose access to all your data. If you are an individual, you should hold an off-device back-up of anything you hold dear and/or would not wish to lose: photos, important documents etc. If you are business, you need to make sure that you have back-ups of your data offline and/or off network so that a full system restore can be conducted and you are safe in the knowledge that a cyber-criminal has not locked you out of or erased your back-ups.
Monitor. Once a cyber-attack has been discovered and fixed, it can be very difficult to understand fully what data could have been stolen, and whether “back-doors” may have been established to enable later access. As an individual, you should consider informing your bank and monitoring your bank accounts and credit ratings to check for any indicators of unusual activity. The same advice is equally applicable for a business, but you should also monitor the internet for any indications of adverse publicity or comments that may indicate corporate identity theft. This will enable the business to react swiftly, address any issues and control the narrative and in so doing minimise any further damage to strategic reputation.
Michael Wills is co-founder and chief data officer for CSS Platinum