If your business was targeted by cyber criminals tomorrow, would you know what to do? Research by the Australian Cyber Security Centre (ACSC), the Australian Government’s cyber security agency, found that 62% of the Australian SMBs it surveyed had experienced a cyber security incident. Despite this, 1 in 3 SMBs surveyed for the Business Intelligence report on Managing Risks Online said they wouldn’t know what measures to take if their business experienced a cyber attack.
Whether you only use email occasionally or run every element of your business online, risks and vulnerabilities exist. If your business is breached, you’re likely to experience unexpected downtime and lost productivity. That’s why, as well as knowing how to protect your business, it’s important to know what to do after an attack so you can get back to work.
Here are the steps to take to make a draining and costly experience a little smoother if you’re targeted in the future.
Step 1: Confirm
“The first thing to do in the event of a cyber security attack is to get confirmation of the attack and determine what, if any, information has been exposed or potentially stolen, and attempt to contain the breach,” advises Matthew O’Brien, Telstra’s Cyber Security Executive.
A slow computer, excessive connection attempts against your domain or servers, unusual network traffic, login attempts from users or locations you don’t recognise, and suspicious emails or attachments are among the signs your business has been hacked. Your server’s authentication logs and web server logs are usually the quickest place to confirm or rule out a suspicion.
For George*, the owner of a balloon supply company, the first sign of a problem was when his orders stopped one day. A quick investigation showed his server had been hacked, and the homepage of his website was taken over with a message from hackers. Establishing the situation early helped him to get on top of the reporting and recovery process.
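As an added example (not code from the original article or from Telstra), the following Python script turns the indicators above into checks you can run against a server’s own authentication log and website: it counts failed logins per source address, flags a successful login from an address that had just been failing repeatedly (the classic signature of a successful password guess), flags successful logins from addresses you don’t recognise, and compares the live homepage against a hash recorded when the site was known to be intact, which is how a takeover like George’s would show up before the orders stop. The log lines, IP addresses, user names and baseline page are constructed for illustration; the assumed log format is the OpenSSH/syslog style found in /var/log/auth.log on many Linux servers.

```python
"""Quick 'confirm the attack' checks for a small business server.

Added example, not from the original article. Sample data below is constructed.
"""
import hashlib
import re
from collections import Counter

# Constructed sample lines in OpenSSH/syslog style (documentation IP ranges, not real hosts).
SAMPLE_AUTH_LOG = """\
Mar 12 02:14:01 web01 sshd[4021]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Mar 12 02:14:03 web01 sshd[4021]: Failed password for invalid user admin from 203.0.113.45 port 51024 ssh2
Mar 12 02:14:06 web01 sshd[4024]: Failed password for root from 203.0.113.45 port 51027 ssh2
Mar 12 02:14:09 web01 sshd[4024]: Failed password for root from 203.0.113.45 port 51030 ssh2
Mar 12 02:14:12 web01 sshd[4027]: Failed password for root from 203.0.113.45 port 51033 ssh2
Mar 12 02:14:16 web01 sshd[4027]: Failed password for root from 203.0.113.45 port 51036 ssh2
Mar 12 02:14:20 web01 sshd[4030]: Accepted password for root from 203.0.113.45 port 51040 ssh2
Mar 12 08:30:11 web01 sshd[5102]: Accepted publickey for george from 198.51.100.7 port 40112 ssh2
Mar 12 08:31:45 web01 sshd[5110]: Failed password for george from 198.51.100.7 port 40120 ssh2
"""

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"Accepted (\w+) for (\S+) from (\S+) port")


def find_bruteforce(log_text, threshold=5):
    """Return {source_ip: failed_login_count} for every address at or above the threshold."""
    failures = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m.group(2)] += 1
    return {ip: n for ip, n in failures.items() if n >= threshold}


def find_success_after_failures(log_text, threshold=5):
    """Return [(user, ip, auth_method)] for logins that succeeded from an address
    that had already failed at least `threshold` times earlier in the log.
    Lines are processed in order, so only failures *before* the success count."""
    failures = Counter()
    hits = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            method, user, ip = m.groups()
            if failures[ip] >= threshold:
                hits.append((user, ip, method))
    return hits


def unexpected_logins(log_text, known_ips):
    """Return [(user, ip)] for successful logins from addresses not in your allowlist
    (e.g. the office and the IT contractor). Anything else deserves a phone call."""
    return [
        (m.group(2), m.group(3))
        for m in (ACCEPTED_RE.search(line) for line in log_text.splitlines())
        if m and m.group(3) not in known_ips
    ]


def page_fingerprint(html):
    """SHA-256 of the page body; record this while the site is known to be clean."""
    return hashlib.sha256(html.encode("utf-8")).hexdigest()


def homepage_changed(current_html, known_good_sha256):
    """True if the live homepage no longer matches the recorded fingerprint (possible defacement)."""
    return page_fingerprint(current_html) != known_good_sha256


# Constructed baseline and 'after' page standing in for a real homepage fetch.
KNOWN_GOOD_HTML = "<html><body><h1>Balloons for every occasion</h1></body></html>"
KNOWN_GOOD_SHA256 = page_fingerprint(KNOWN_GOOD_HTML)
DEFACED_HTML = "<html><body><h1>Hacked by example_crew</h1></body></html>"


def main():
    print("Brute-force sources:", find_bruteforce(SAMPLE_AUTH_LOG))
    print("Success after failures:", find_success_after_failures(SAMPLE_AUTH_LOG))
    print("Logins from unknown addresses:", unexpected_logins(SAMPLE_AUTH_LOG, {"198.51.100.7"}))
    print("Homepage changed:", homepage_changed(DEFACED_HTML, KNOWN_GOOD_SHA256))


if __name__ == "__main__":
    main()
```

To use it on a real server, read `/var/log/auth.log` into `log_text`, put your office and contractor addresses in `known_ips`, and record `page_fingerprint()` of the homepage on a day you know it is clean; a match that suddenly fails, or a successful login right after a run of failures, is the confirmation Step 1 asks for, and the log lines themselves are evidence to keep for the report in Step 2.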
Step 2: Report
If you confirm a breach has occurred, it’s important to understand the legal requirements that apply to you for disclosing it to regulators, industry bodies and the government.
Australia’s Notifiable Data Breaches scheme, under the Privacy Act, makes notification mandatory for businesses with an annual turnover of more than $3 million (and for some smaller businesses, such as health service providers) when a breach of personal information is likely to result in serious harm. But regardless of your turnover, it’s widely considered best practice to report a breach to the relevant authorities. “We believe notification is in the best interest of the business,” Matthew O’Brien says. “It’s also worth noting that if a company has a cyber insurance policy that covers them financially in the event of a breach, failure to notify may void the policy.”
According to the ACSC’s Cybercrime in Australia July to September 2019 report, here are some steps you might take if you’re the victim of an online attack:
- Report the crime to ReportCyber, which directs your incident to a local police specialist.
- Contact your bank if your financial information has been compromised.
- Contact IDCARE’s Identity and Cyber Security Counsellors or download their Cyber First Aid Kit if your identity has been stolen.
- Report it to the Office of the eSafety Commissioner. Keep a record of any offensive, illegal or abusive content that may be relevant.
- Report scams to Scamwatch when you receive a suspicious email or text.
Step 3: Repair
You’ll want to fix the damage caused by a cyber attack straight away, but resist the urge to simply wipe and rebuild: keep copies of logs and, if you can, an image of the compromised machine first, because that evidence is what identifies how the attacker got in and what they touched. Identifying and closing the entry point may call for an experienced partner who can help you understand the risks associated with any lost data and form an action plan, including who to notify. Restoring a system without closing the hole the attacker used may leave your business exposed to the same attack again.
For George, this was an expert who helped him to move his website to a cloud host after the company that originally built it washed their hands of the repair job. Over the years, he’d recruited different IT help to assist with ad hoc changes – the result was a website “stitched together with sticky tape”, and with no back-up. Knowing what he knows now, the message he’d give his past self is to set greater expectations for the suppliers he works with.
Step 4: Communicate
When it comes to communicating a data breach to customers, there are legal requirements that vary depending on where you are and the size of your business. But even if you have no legal obligation to do so, you might still choose to inform your customers of the incident. This gives them the opportunity to do things like change their passwords and check their own accounts for suspicious activity.
“The number one critical item all businesses should have is a response and communication plan. My belief is that, as good corporate citizens, it is incumbent on all businesses to notify their customers if they believe their personal information has been breached.” – Matthew O’Brien, Cyber Security Executive, Telstra
While these steps will strengthen your cyber security strategy to help you recover from incidents, you’ll be much better prepared to handle the fallout of a cyber attack if you’re proactive – not reactive – in how you think about online security. This is why it’s important to build your knowledge of cyber threats to simplify what’s becoming an increasingly complicated space. With that awareness, you can engage confidently with the right partners and suppliers to come up with a holistic, proactive cyber security strategy that saves you time and money, and evolves as your business needs do.
Prepare now to avoid – or deal with – an attack later
- Get familiar with the Privacy Act and requirements around disclosing a data breach to customers, industry bodies and the government.
- Consider purchasing a cyber insurance policy that can cover your business in the event of a breach, if you don’t already have one.
- Research the financial consequences if consumer information is compromised in a breach.
- Develop a clear response, recovery and communication plan, and keep a printed copy: if your systems are down or encrypted, a plan that lives only on the affected computers is no use to you.
- Protect against attacks before they happen. Engage experts to help you come up with a holistic, proactive security plan to serve your current and future business needs.
*Not his real name.