In the digital age, the threat of cyber attacks looms over businesses of all sizes. Despite taking preventive measures and obtaining cyber liability insurance coverage, the reality is that cyber events can still occur. What happens next is crucial for minimizing damage and recovering swiftly. In this blog post, we’ll guide you through the immediate steps you need to take upon becoming aware of a cyber event.
Recognizing the Signs of a Cyber Event
Cyber events often unfold in a similar pattern. An administrative or accounting staff member may notice unusual activity when logging into the company’s systems. Messages demanding payment to unlock files, encrypted data, or a mysterious screen with unfamiliar text can be indicators of a cyber attack, such as ransomware.
Immediate Mitigation: Preventing Further Damage
The first and most critical step is to mitigate further damage. Begin by systematically shutting down as many non-essential systems as possible. Consider the architecture of your network and identify critical infrastructure that must remain operational for safety reasons, especially in environments like hospitals or industrial settings.
If there’s any potential for physical harm or risks to the environment, contact appropriate first responders, such as the police or fire department, to ensure immediate safety. Simultaneously, notify on-site users not to log in or enter sensitive information and communicate with remote workers to keep them informed.
Secure backup servers, tapes, and files without attempting to restore systems at this point. Identify and log out of third-party systems, especially cloud platforms, to prevent the threat from spreading. Disconnect devices from the internet to minimize the attack’s reach.
Protecting Customer-Facing Resources
After safeguarding internal systems, focus on external-facing resources. Notify web hosts, server operators, and any third-party technical advisors about the cyber event. Consider reverting your website to a static front page to avoid displaying the cyber attack externally. Provide a minimalistic presence with a phone number for inquiries, ensuring clients and visitors can still reach you.
Inventory and Device Disconnection
Create an inventory of logins for various platforms and be vigilant about login attempts, especially if two-factor authentication is in place. Disconnect devices from the internet to prevent external access. If applicable, disconnect from other business locations to contain the impact and communicate the situation to users in those locations.
Preparing for Notifications
As the immediate threat is addressed, prepare for notifications. Notify local staff about the situation and create a message for incoming calls, informing callers of the ongoing issue and assuring them that you are working to resolve it. Keep a log of incoming calls for future follow-up.
Notification Protocols: Insurer and Attorney
Simultaneously, notify your insurer and attorney promptly. These initial steps are crucial for preparing for the next phases of response. Your insurer will play a vital role in engaging third-party cyber defense expertise and guiding you through the process.
Engaging Cyber Defense Expertise
Cyber defense expertise is essential for analyzing the situation and planning the next steps. Your insurer may engage a third-party cyber defense firm to assess and mitigate the cyber threat. Connect your technical and management teams with these experts promptly.
Vendor and Client Notifications
Consider notifying vendors and key clients about the cyber event, especially if there is a risk of data loss. Encourage them to secure any shared data and collaborate on potential data restoration efforts.
Revenue Stream Restoration
Evaluate the impact on revenue streams. Explore alternative methods to collect revenue, such as PayPal, courier-delivered checks, or other merchant account options. Preserving revenue during downtime is crucial for sustaining the business.
Identification and Recovery
As the dust settles, focus on identifying the extent of data loss. Work with the third-party cyber defense experts to understand what data is damaged or lost. Identify revenue losses, both immediate and potential, and assess other indirect losses, such as public relations risks or harm to employee confidence.
Preserving Valuable Resources
Protect accounts receivable, future business with clients and vendors, and key staff. Mitigate future losses by addressing these key resources promptly. Recognize the potential impact on client relationships, vendor collaborations, and employee morale.
Learn and Plan for the Future
Following the immediate response, assess the situation and learn from the experience. Plan for the future by reinforcing cybersecurity measures, regularly conducting drills, and ensuring that all staff members are aware of cybersecurity protocols.
While a cyber attack is a challenging event, swift and well-coordinated actions in the initial hours can significantly impact the outcome. Stay vigilant, communicate effectively, and leverage the expertise of cyber defense professionals to navigate through and recover from a cyber event. Remember, preparation is key, and having a response plan in place can make a crucial difference in mitigating potential damages.