Cyber-attacks are increasingly common, but many businesses are still in denial about the threat of being hit
Small businesses are particularly vulnerable, as they are often considered a soft target, without the funds, time or knowledge to defend themselves. Plus, with so many other things on their plate, it’s hard for small businesses to find time to think about cyber security, or plan for the aftermath of an attack.
Even with the best technology and security measures in place, sometimes you’re powerless to stop a breach. That’s why an effective response plan is essential, enabling you to control the situation as quickly as possible, with minimum impact to you and your customers. Yet, despite its importance, few small businesses have a contingency plan in place, putting them at risk of greater damage, higher costs and a bigger dent in their reputation.
Here are the key steps you should take to minimise the damage if your business is hit by a cyber-attack:
Find out what happened
Speed is of the essence following a cyber-attack. You need to know what caused the breach, in order to rectify the problem quickly, limit the impact as much as possible, and ensure it doesn’t happen again. There is a whole variety of ways your defences can be breached, including ransomware attacks, Distributed Denial of Service (DDoS) attacks, and social engineering attacks. In some cases, you’ll become aware of what has happened immediately, whereas in others, you may not find out until a later date, for example if customer details appear on the dark web. Either way, you need to understand what data has been compromised and how, so you can respond in the most appropriate way. As a small business, it is unlikely you’ll have this expertise in-house, so the best option is to bring in an IT forensics team, who will be able to investigate for you.
Secure your systems
Once you know what has happened and which areas of your system have been affected, you need to contain the breach, by isolating or suspending that particular area, or even your whole network. Don’t be too hasty about shutting everything down, however, as that will tip the hackers off that they’ve been found out, making it harder to identify them and investigate what has happened. Instead, it may be better to move the compromised machine onto an isolated VLAN, or put a firewall rule in place, so that it cannot communicate outside your company. At this stage you must also change all your administration and user passwords, in case any of those have been compromised.
As system downtime can be costly, this is where your back-ups come into play, enabling you to continue working and trading as best as possible, so as to minimise financial impact.
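The containment step above (keep the compromised machine from talking to the outside world, without pulling the plug) can be scripted on the gateway or firewall box so it is done the same way every time. The script below is an added example, not code from the original article or its author. It assumes a Linux firewall using iptables, with the compromised host and the investigators’ forensics workstation at constructed sample addresses; by default it only prints the commands it would run, so it can be reviewed before anyone applies it with root privileges.

```shell
#!/bin/sh
# Added example (not from the original article): emit the gateway firewall
# rules that cut a compromised host off from everything except an internal
# forensics workstation, and log what it tries to reach in the meantime.
# Addresses used in the demo are constructed sample values from the
# RFC 5737 documentation range. DRY_RUN=1 (the default) only prints the
# iptables commands; DRY_RUN=0 applies them, which needs root on the
# gateway/firewall box.

run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    echo "$*"
  else
    "$@"
  fi
}

# contain_host <compromised-ip> <forensics-ip>
# Rule order matters: the ACCEPT for the forensics host must sit above the
# DROP, or the investigators lose access along with the attacker.
contain_host() {
  bad="$1"
  forensics="$2"
  if [ -z "$bad" ] || [ -z "$forensics" ]; then
    echo "usage: contain_host <compromised-ip> <forensics-ip>" >&2
    return 1
  fi
  # 1. keep the forensics workstation reachable in both directions
  run iptables -I FORWARD 1 -s "$bad" -d "$forensics" -j ACCEPT
  run iptables -I FORWARD 2 -s "$forensics" -d "$bad" -j ACCEPT
  # 2. log every other connection attempt from the host (rate-limited so the
  #    log stays readable); this is evidence for the forensics team
  run iptables -I FORWARD 3 -s "$bad" -m limit --limit 10/min -j LOG --log-prefix "CONTAIN-OUT: "
  # 3. then drop all remaining traffic to and from the host
  run iptables -I FORWARD 4 -s "$bad" -j DROP
  run iptables -I FORWARD 5 -d "$bad" -j DROP
}

# lift_containment <compromised-ip> <forensics-ip>
# Remove the same rules once the host has been imaged and rebuilt
# (iptables -D matches on the rule specification, in reverse order here).
lift_containment() {
  bad="$1"
  forensics="$2"
  if [ -z "$bad" ] || [ -z "$forensics" ]; then
    echo "usage: lift_containment <compromised-ip> <forensics-ip>" >&2
    return 1
  fi
  run iptables -D FORWARD -d "$bad" -j DROP
  run iptables -D FORWARD -s "$bad" -j DROP
  run iptables -D FORWARD -s "$bad" -m limit --limit 10/min -j LOG --log-prefix "CONTAIN-OUT: "
  run iptables -D FORWARD -s "$forensics" -d "$bad" -j ACCEPT
  run iptables -D FORWARD -s "$bad" -d "$forensics" -j ACCEPT
}

# Demo with constructed addresses; prints the five commands rather than
# applying them, because DRY_RUN is unset and therefore defaults to 1.
contain_host 192.0.2.45 192.0.2.10
```

The dry-run output is what you would paste into a change record or hand to whoever operates the firewall; the logged prefix makes the host’s outbound attempts easy to pull from the gateway’s syslog later, when the investigation asks where the machine was trying to reach. The matching lift_containment function exists because containment rules that nobody remembers to remove are a common source of outages once the machine is rebuilt.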
Consult a lawyer
If you have a lawyer already, then let them know what’s going on as soon as you’re aware of the problem. If you don’t already have legal support, you’ll need to arrange this quickly.
There are numerous legal issues to consider, including whether to inform the regulator – the Information Commissioner’s Office (ICO) in the UK – as well as defending your business against any claims of malpractice and managing your approach to customers. You may also feel that your external IT provider has a case to answer in terms of protecting your systems and data sufficiently, so you could be the one taking legal action. If you do inform the regulator, it is important to give them as much detail as possible about the breach and how your business prepared and responded, to minimise the likelihood of being found liable and hit with a nasty fine.
Prepare for media interest
Depending on the size of the breach and the nature of your business, you could be the focus of media attention, so be ready to handle all external communications about what happened and how you’re responding. Again, time is of the essence, so you’ll need to have statements ready to go as quickly as you can. If you don’t have your own PR expertise internally, external support is a good option – whether an agency or experienced consultant.
Inform affected customers
However uncomfortable it might be, if customer data has been compromised, you need to inform those affected – or who could potentially be affected – as soon as possible, so they can take any necessary actions to minimise the damage. Communicating in a timely and transparent way is important from a reputational perspective and to minimise the potential impact on your customers. Consider all the channels available to manage this communication, including email, telephone and social media, ensuring people are aware of the situation and can speak to somebody if they have any questions. As a small business, this communication should be as personal as possible, but your lawyer will be able to advise on what you should and shouldn’t be saying.
Claim on your insurance (if you have it)
Cyber-attacks and data breaches can be costly, from extortion costs involved in ransomware attacks, to system downtime, legal and compensation costs, PR expenses and fines from regulators (in Europe the General Data Protection Regulation (GDPR) will increase fines to as much as €20m or 4% of turnover). But thankfully, you may find your business insurance provider will pick up the bill. If you have professional indemnity insurance, cyber risks may well be included, or you may have a specialist cyber liability policy. If so, this is your final line of defence. Some insurance policies will also offer an immediate response plan and external expertise as part of your cover – so much of the initial activity will be arranged for you too.
Carry out a full investigation
Your business has survived to fight another day, but you might not be so lucky next time. Use this as an opportunity to carry out a full investigation into the reasons behind the breach, to assess how your business responded, and to review what more you can do to protect your business.
About the Author
Ben Rose is Insurance Director at Digital Risks, the first insurance provider to focus 100% on the needs of digital native businesses.