With cybercrime on the rise globally, most businesses have recognised that it is simply becoming a matter of when, not if, they will fall victim to an attack.
It is therefore important to have a clear response plan in place so you know exactly what to do if your business suffers an attack or a data breach.
Here are six steps to help your business respond to a cyber attack.
- Trigger your crisis response plan
It is important to have a sound crisis response plan in place which outlines how your business will respond to a cyber threat or attack, who will take action and what their roles will be. Enacting this plan can help to lock down the business system to secure your data, minimise damage and get your business back up and running as soon as possible. You can learn more about ways to prevent a cyber attack in this article we have written.
- Contact your insurer or insurance broker
You should contact your cyber insurer or insurance broker immediately following an attack. Your insurer may be able to appoint an experienced forensic expert to investigate the attack for you, including identifying how it occurred and what damage was done. They can also suggest other remediation steps you can take.
At this stage, you may also want to seek professional and legal advice about disclosing the breach to key stakeholders, regulators and affected customers and staff. You can also report the attack to the Australian Cyber Security Centre (ACSC), which is the Government agency that works to improve cyber security in Australia. By reporting your attack, you can help the ACSC identify tactics and trends in cyber crime and prevent this from happening to other individuals and businesses.
- Restore stolen data from backups
Ideally, you will have recently backed up your data on offsite servers that are not connected to the main business network. That way, if criminals do manage to enter your business system, they cannot access the backups and delete them. This means that in the event of a cyber attack, the business can be back up and running very quickly, using the most recent backup.
- Make a decision about paying a ransom
In general, it’s not advised to pay criminals a ransom after an attack. But in some circumstances, you may have no choice but to do so. This is usually when businesses have not adequately backed up their data, and paying a ransom is the only way to get access to it.
If paying a ransom is your only option, your insurer may require proof that the criminals are in possession of the data before they release any funds.
- Implement a post-recovery plan
Before you get back to business, it is important to conduct a thorough health check of the business network and systems. In some cases, an initial attack could be a distraction from a larger breach of a different part of the system, so it is important to have an IT specialist assess the entire system. Employing new anti-virus and anti-spam (AVAS) software may also be required.
Following a data breach, your business reputation may also be damaged among your clients and other stakeholders. Sharing clear and timely communication with all affected parties about the actions you’ve taken to protect or recover their data, and how you will better protect your business in the future, can help to restore your relationships and reputation.
- Check the network
After an attack, it is advisable to engage IT specialists to perform regular scans and penetration tests on the network to identify and fix any vulnerabilities in the system. This will reduce the risk of future cyber attacks.
To learn more about cyber insurance to protect your business, contact our team of experienced brokers today.