What Should You Do If Your Business Is Hit By A Cyber Attack?

Cyber-attacks aren’t letting up, with corporate giants such as Facebook, British Airways and Marriott International all hitting the headlines in the last 12 months. Yet, despite publicity around these high-profile cases, for small businesses, it’s still tempting to think that cyber-attacks aren’t something that you really need to worry about.

Unfortunately, this couldn’t be further from the truth, with research showing that 42% of small businesses were hit by a cyber-attack in the last 12 months.

Smaller Businesses Soft Target for Hackers
By their very nature, small business owners are constantly spinning plates, so it’s no wonder that preparing for cyber incidents isn’t top of the to-do list. Yet, hackers have become wise to this, often seeing SMEs as a soft target, without the funds, time or knowledge to defend themselves.

Research shows that the majority of small businesses still aren’t taking the threat seriously. More than a third (37%) don’t have a cybersecurity plan in place and 40% per cent wouldn’t know who to contact if a crime was committed. With the average annual cost of a cyber breach standing at around £25,700, it is time to sit up and take notice.

Even if you have all the right technology and processes in place, sometimes you’re powerless to stop a breach. This is why an effective response plan is essential, enabling you to control the situation as quickly as possible, with minimum impact to you and your customers.

How to respond to a Cyber Attack
Want to make sure you’re prepared? Then, your cyber-attack response plan should include the following:

Arm Yourself with Knowledge
Speed is of the essence following a cyber-attack. You need to know what caused the breach, with a view to rectifying the problem quickly and ensuring it doesn’t happen again. As a small business, chances are you don’t have this expertise in house, so you should line up IT forensics experts for if and when you need them.

Your Legal Response
There are numerous legal issues to consider, particularly since the introduction of the GDPR last year. These include informing the Information Commissioner’s Office (ICO) of the breach, defending your business against any claims of malpractice, as well as managing your approach to customers and the media. For this, you’ll need a good lawyer, ready to support you from the moment you’re aware of the problem.

Handling Media queries
You could be the focus of media attention following a breach, so be ready to handle all external communications about what happened and how you’re responding. Again, time is of the essence, so you’ll need to have statements ready to go asap. If you don’t have your own PR expertise internally, make sure you have external support – whether an agency or experienced consultant, on speed-dial.

Informing Customers
Depending on your customer-base and the scale of the breach, you could have a lot of unpleasant phone calls to make! You’ll need to be ready with a way to handle this communication efficiently across numerous channels, including at least email and telephone. As a small business, this communication should be as personal as possible, but your lawyer will be able to advise on what you should and shouldn’t be saying.

Make Sure You’re Covered
If the worst does happen and you’re facing the repercussions, your final line of defence is a watertight and specialist cyber insurance policy. Bear in mind that policies can vary significantly, so be sure to seek specialist advice regarding the best option for your needs and how these might change over time. Some insurance policies will also offer an immediate response plan and external expertise as part of your cover, giving you one less thing to worry about. 

Finally, it is worth highlighting that the GDPR imposes the same responsibility on all businesses that handle personal data, irrespective of size. The potential impacts of a breach are great, with fines as much as €20m. So make sure you’re on top of cyber security, before it’s too late.

Training Your Employees and Yourself
Last, but certainly not least, you should first train your staff and management about Cyber protection and comprehension of cyber security. 
This can be done at low cost by taking focused on-line cyber security lessons for a few minutes every day for a few weeks and keeping everyone up to speed every few months by a few daily lessons on cyber security protection. 
The results reduce your cyber security risks significantly. 

Contact us at Cyber Security Intelligence for more information.

ByteStart:

You Might Also Read:

How To Develop Secure Cybersecurity Practices:


 

 

« Over 90% Of Security Pros Fear Insider Threats
Combining AI’s Power With Self-Centered Human Nature Could Be Dangerous »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Spambrella

Spambrella

Spambrella provides email security with real-time threat protection. 100% SaaS (nothing to install)

HUB International

HUB International

HUB is one of the largest insurance brokers in the world. HUB Risk Services provides the full range of expert consulting to identify risks, reduce exposure to loss and manage claims issues.

ISACA Conferences

ISACA Conferences

ISACA is dedicated to offering the most dynamic and inclusive conferences to keep you abreast of the latest advances in IT and Information Security.

CybelAngel

CybelAngel

CybelAngel is a leading digital risk protection platform that detects and resolves external threats before these wreak havoc.

Infigo IS

Infigo IS

INFIGO IS specializes in information security consulting services. Our employees are leading information security experts in Croatia.

SyncDog

SyncDog

SyncDog is a leader in enterprise security and the preeminent vendor for containerized mobile application security across cloud & on-premise computing environments.

LogMeIn

LogMeIn

LogMeIn makes it possible for millions of people and businesses around the globe to do their best work simply and securely—on any device, from any location and at any time.

Cognyte

Cognyte

Cognyte is a global leader in investigative analytics software that empowers a variety of government and other organizations with Actionable Intelligence for a Safer World.

Athreon

Athreon

Athreon utilizes a fusion of AI technology, human interpretation, and the latest in cybersecurity to deliver sound business solutions that help our clients make better data-driven decisions.

Internet Crime Complaint Center (IC3)

Internet Crime Complaint Center (IC3)

The Internet Crime Complaint Center provide the public with a reporting mechanism to submit information to the FBI concerning suspected Internet-facilitated criminal activity.

QGroup

QGroup

QGroup has been re-designing the consultancy industry since 2012. We're a rapidly expanding group of consulting companies that deliver bespoke IT services including cybersecurity.

ImmuniWeb

ImmuniWeb

We Simplify, Accelerate and Reduce Costs of Security Testing, Protection and Compliance.

Infisign

Infisign

Infisign addresses the challenges of traditional IAM systems and offers a comprehensive solution for modern identity management.

AUCloud

AUCloud

AUCloud is a leading Australian cyber security and secure cloud provider, specialising in supporting businesses and Governments with the latest cloud infrastructure.

SafeLiShare

SafeLiShare

SafeLiShare’s data security platform unifies encryption strategies for organizations with hybrid and multi-cloud infrastructures, ensuring data is secure regardless of its location.

Appranix

Appranix

Appranix delivers Cloud App Resilience with app-centric entire cloud resources backup, restore, and cross-region disaster recovery.