Companies rely on information to do business. Not just what comes from their marketing campaign, but also all the personal and shopping data they collect from their customers.
Safely using and storing this information is vital to the security of your clients and customers as well as your company’s reputation.
However, should you become a victim of a cyber-attack, what should you do to minimise the damage?
Take Everything Offline
As soon as you suspect that your systems have been attacked, it is vital that you take all your services offline as quickly as possible. If someone has managed to access your data, you need to limit the amount of information they get.
It is also important so that you can quickly assess and block the entry point. It might be that you acted quick enough to stop any data from being taken. However, you should still check everything to ensure that nothing is lost.
Inform the Authorities
Whether you are a large company or a small business, stealing or attempting to steal someone’s data is a serious offense. The authorities need to be informed so that they can commence an investigation.
You will need to make all your systems and data available to the authorities, so they can see where any entry has occurred and hopefully trace it back to the perpetrator.
It is also a good idea to keep any logs or CCTV footage as well just in case there were any internal security breaches.
Inform Your Customers
Informing your customers is vital, you need to prepare a statement that outlines what has happened and any potential data that has been lost.
Even if you are not sure if any data has been lost, or what details they may contain, your customers need to be aware so that they can monitor their banks to see if any suspicious activity has taken place.
Your customers and clients may have questions that they want to ask. So you should also have a dedicated email or telephone line established to field such queries.
Finding Evidence
Your company will need to establish how and when your security was breached. It is also important to ascertain whether the breach was external or internal to your company.
Some companies offer computer evidence recovery services that can help you and the authorities discover any potential evidence. They can then provide that to you so that you can see if there are any obvious suspects.
Review and Strengthen Your Procedures
Before you put your services and systems back online, it is important to do a thorough audit of all the procedures and safeguards you have in place. Some companies can come in and check your systems and advise on how they can be improved.
Only when your systems are modified and secured, should you recommend your services.
Having clear and effective procedures in the event of a cyber-attack will ensure that as little data as possible is lost. It will also help to give your customers and clients confidence in your company.
