#1275901: How a small business should respond to a hack

Description: With small business finding itself in hackers’ crosshairs as much as the big boys, it’s imperative to have an immediate response plan in the event of an attack.

Hacks and data breaches are, unfortunately, part of doing business today. Ten years ago, it was the largest corporations that were most targeted by hackers, but that has changed. As large organizations have improved their cybersecurity, and more and more small businesses go online, hackers have shifted their attention to smaller targets.

The threat
Putting numbers on the scale of cybercrime is difficult, not least because many companies are resistant to acknowledging that they've been hacked. A huge study from 2010, though, conducted by Verizon working in conjunction with the US Secret Service, found that even then smaller businesses were under huge threat from cybercriminals: over 60% of the data breaches covered in that report were from businesses with fewer than 100 employees.

Since then, new types of cyberattack have emerged, many of them designed to be deployed against smaller businesses that cannot afford sophisticated network security infrastructure. These new attacks add to a threat profile that still includes attacks that have been common for years, including email and phishing scams that specifically target the employees of small businesses.

The consequences of a cyberattack on a small business can be catastrophic. Large companies can typically absorb the fines and reputational damage done by a data leak, but smaller businesses cannot. The National Cyber Security Alliance has recently released statistics that show 20% of small businesses experience such an attack every year, and that 60% of these businesses were forced to close within 6 months of being hacked.

Preparation is key
If your business gets hacked, what is the best way to respond?

Well, in truth, if you are asking that question just after a hack, it's too late. The key to avoiding attacks is to take preventative measures before they happen, and to make sure that your response – should the worst occur – is also prepared.

If you are reading this article, you are likely to be taking your cybersecurity seriously already. For that reason, I won't go through the basic steps you should be taking to stop cybercriminals, except to say that, whatever the size of your business, you shouldn’t make a hacker's life easier by leaving network ports open, and you should use a good quality VPN that doesn’t leak data. Comparison research conducted through VPN reviews is a quick way to narrow the choices if you’re unsure which to choose.

Responding to an attack starts long before it occurs. You should – if you haven't already – put in place an action plan for responding to an attack. All staff should know what is expected of them if the worst occurs, and particularly how to respond to customers who might be worried about their personal data being stolen.

You should also prioritize the parts of your business that are most at risk during a cyberattack and focus your security measures on them. Many small businesses cannot afford to invest in sophisticated security measures for the whole of their IT infrastructure, but you can protect the systems and databases that contain the most sensitive information. Regular audits of the information you hold will help you to identify exactly what has been stolen and will also help law enforcement track down the culprits.

Responding to an attack
When it comes to your response to an attack, you should break this into short, mid, and long-term tasks.

First, it's important that all of your staff know how to identify a hack at the earliest possible opportunity. If you can catch an attack whilst it is still in progress, all the better: this might allow law enforcement to identify the criminal immediately.

You should also avoid the temptation to take all of your systems offline, because this will immediately tell the hacker that they have been spotted. They will then do as much damage as they can, and then fall silent. Instead, in the short term you should identify the parts of your system that have been affected by the attack, and isolate them from the rest of your infrastructure.

You should also tell law enforcement agencies as soon as you know you are the victim of a hack, and share as much information with them as you have. This will help them to identify the culprit, but it also has a number of other advantages. Telling the authorities about a hack will also protect you legally, and you can work with the police to protect your customers. It will also help to limit the damage to your reputation, because your customers will see that you are taking the necessary steps to keep them safe.

In the mid-term, you need to do some detective work. You should identify how the attacker was able to gain access to your system and close any security holes you find. You should also restore your data from your backups, but not until you are sure that your system is safe again.

In the long-term, you should also assess how you responded to the hack. If approached correctly, even a damaging hack can bring some benefits. If you are able to use the incident as a learning opportunity for staff, and to improve your incident response measures, then you will be better protected in the future.

Bad news, good news
Getting hacked can be one of the most stressful times of your life. This is particularly true if you are responsible for a small business, because in addition to reputational damage you may have to pay fines. That's the bad news.

The good news is that, if you are reading this article before you get hacked, you should now have an idea of how to prepare for one. Make sure you are taking all the reasonable countermeasures you can, and have an incident response plan in place, so – at least – you'll know what to do when the time comes.
More info: https://www.csoonline.com/article/3437777/how-a-small-business-should-respond-to-a-hack.html

Date added Sept. 11, 2019, 1:12 p.m.
Source CSO Online
Subjects
  • Incident Response / Incident Handling
  • Latest Global Security News