Issues of cyber-security aren’t going away any time soon. Cybercrime is on the rise — up over 60% in the past five years, with damages running into the billions. A business that doesn’t take measures against possible cyber-attacks is asking to become a statistic.

But no defense is perfect. What if you’ve taken preventative steps and they weren’t enough? What do you do when you find out you’ve already suffered a data breach, malware infection, or other cyber-attack? The steps you take next could mean the difference between a manageable setback and a catastrophic loss from being hacked.

hackedStick to the plan

Assuming you already have a response plan put together for how to deal with the attack, now is not the time to abandon it. Being the victim of a cyber-attack can be hugely stressful and fear-inducing, and it’s natural to want to do anything to make the problem go away as quickly as possible. But it’s important not to panic.

If your business is being ransomed, it may be tempting to pay the ransom just to get it over with. But the FBI strongly discourages paying ransom, as it is no guarantee of relief and only encourages further attacks.

If you have an incident response plan in place, now is the time to implement it. If you don’t, it may be time to get outside help with managing your security.

Get informed

Whether you’re handling the problem in-house or with the help of a third party, you’re going to need to gather all the facts to find out just what went wrong, and why:

  • What’s the nature of the attack? Ransomware, data breach, malware infection, hacked website?
  • What was the vector of the attack? Was it a software vulnerability, a phishing attack, or some other type of incident? Most cyber-attacks come in some form of social engineering, relying on user error or deception in order to gain access.
  • What’s been compromised? Has user data been exposed, and if so, how much?

Getting the answers to these questions will be vital in figuring out your next steps.

Address the issue

Once you have a handle on the problem, it’s time for you and your cyber-security team to “close the door” on your vulnerability. This could mean everything from using anti-malware software to scrub your machines, to cleaning up false user accounts, to fixing security vulnerabilities in your CMS or project management software.

Once the hole has been patched, it will be time to do a full security audit on your systems. Changing passwords, assessing user privileges, updating software and containing any other damage will be vital to restoring your security. You may also need to contact your web host to inform them of the breach, if they don’t know already.

Most likely, your day-to-day operations will be impacted as your business runs at higher security levels than normal. It may take some time before things get “back to normal,” so patience is advised.

Inform others

Now comes the more difficult part — informing your customers of any breach of their privacy that may have occurred. It can be tempting, especially for smaller business owners, to hide being hacked from customers, but it’s a bad idea from a legal, ethical, and practical perspective.

Customers deserve to know if their private information has been leaked, and if so, what kind of information and how much has been exposed. You should send clear written notification to customers informing them of what’s happened and how you’re managing the situation.

Depending on the circumstances, you may also need to contact law enforcement. It’s also a good idea to contact an attorney who specializes in internet law, to make sure your responsibilities are well-covered.

Further preventative measures

Once the immediate emergency is over, it will be time to do what you can to protect yourself from being hacked in the future.

  • Gather your employees and go over the incident and discuss how to handle it more efficiently in the future. Your staff may also benefit from employee training or a refresher course on best practices for cyber-security. One of the most common vectors for malware infection is users clicking on a malicious URL in their email.
  • If you don’t already have a skilled cyber-security expert on staff or retainer, now might be the time to consider hiring one or sending in-house staff back to school to get the training they need to better protect your business moving forward.
  • If you had a response plan in place, now is a great time to give it another look and see how it could be improved or made more efficient.
  • If your company has suffered damage to its reputation because of a data breach, you will want to take steps to reassure both current and potential customers that you’re doing everything you can to prevent it from happening again.