Posted on December 6, 2019 by Louise Howland
Most organisations will fall victim to cybercrime at some point. There are a few steps that are important to take to minimise the effects of a breach and to help protect against future attacks. Here is our advice for what your organisation should do in the event of a cybersecurity breach.
In an emergency, speed is a factor that affects the impact of the breach. By reacting quickly to cybercrime, the duration of an attack can shorten and thus lessen the impact. If you accidentally click on something that is suspicious or unusual in your emails, you may be affected by malware. In this situation make sure that you act quickly and turn off your device and raise the alarm with your IT department or provider. Your IT provider may advise you to disconnect any potentially affected devices from the network/internet, to reduce the risk of the spread if someone accidentally turns on the device.
As the immediate spread of risk has been removed, find out what has happened and how. It’s important to record and find out as much information as possible to trace where the malware first appeared. This will require some time and information from users so that steps can be taken to prevent a repeat attack.
Although some machines will have been obviously affected by the cyber problem, it is key to check that no other systems have been affected, this might include cloud-based storage that a user might sync data with. It is ideal to have all the systems on the network scanned to give an accurate indication of all the machines affected.
You also need to think about whether or not you need to communicate with your clients/stakeholders. If service has been denied, if there’s a risk of spreading the attack, or if client details have been compromised, this requires careful thought about how and when you communicate the details of the attack and the remedial steps you’ve taken.
Cybercrime is serious, but it is often overlooked by people because of the nature of the crime. Calling the police or Action Fraud should always be part of your plan of action if you are affected by cybercrime.
Cybercrime Insurance is available. Make sure to call your insurance broker to check your policy protection. If your bank account has been affected it is important to speak to your bank to see if the funds are recoverable.
Finally, and importantly make sure you report any data breaches to the ICO (Information Commissioner’s Office), as to comply with GDPR you must ensure they are notified of any breaches.
After the attack and everything has been sorted it is important to analyse the breach in detail. By doing this, it highlights what needs to be done in the future to prevent this attack from happening again. This can also highlight any cybersecurity training that needs to be taken on by staff.
Always remember that prevention is better than cure.
Read our cybersecurity action plan guide for more detail