• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Red Sift Blog

Red Sift Blog
  • redsift.com
  • Featured
  • Who are we?
  • Get in touch
You are here: Home / Cybersecurity / Don’t hit the panic button: What to do if you think you’ve been hacked

Don’t hit the panic button: What to do if you think you’ve been hacked

by Clare Holmes
March 28, 2019August 16, 2022Filed under:
  • Cybersecurity

There’s a lot of hyperbole and alarmism within our industry. At times this can be self-defeating, muddling the email security must-haves with the not-so-necessaries, and leaving CISOs, CIOs, and IT Managers resenting the would-be protectors almost as much the hackers attacking them.

Hence why it’s important to stick to the facts around the risks posed to your business. The Government tells us that more than two in five UK businesses uncovered breaches in 2018. Given that it takes an average of almost 200 days after the initial occurrence to identify a typical data breach, combined with the truth that not every breach is reported, it seems reasonable to estimate that more than half of UK businesses are being hacked every single year.

Creating your response strategy

Now, alarmism aside, this means your business is odds-on to be attacked before Santa Claus next comes to town, making it the ideal time to audit your existing cyber defenses and ensure you’ve taken every step to minimize the potential entry avenues that could be exploited by hackers.

But it’s also high time to create a response strategy in preparation for the event that your business is penetrated at some stage in the future. After all, blind panic is rarely a helpful form of remediation, and a great many companies manage to escalate potentially serious cyber scenarios to out-and-out crises by failing to keep a cool head and thus missing vital response steps – some of which carry their own legal or regulatory ramifications.

So, below we’ve included a walkthrough of how to avoid panic and address the essentials should you discover that you’ve become a hacking victim:

  • Close the door: If it’s an individual machine that’s been compromised, disconnect it from the internet and other machines. If you fear multiple points of entry, consider what needs to be disconnected and for how long, to assess the extent of the attack. In extreme cases, a temporary shut-down may be the only viable means of isolating the incident.
  • Alert the leadership: Businesses need to assume collective responsibility for cyber breaches from the top down – this is too big a burden to be born by the IT department. Making the wider leadership team aware of the issue is an essential early step, given the range of compliance procedures that will have to be fulfilled further down the line.
  • Assess the damage: This may be easier said than done if a hack attack is widespread, but you should attempt to get an early read on the level of damage as this will inform the steps that must follow around comms and legal proceedings. If a broader assessment is needed, assign a team to investigate more thoroughly and/or bring in a trusted third-party to help undertake the work and arrive at certainty.
  • Seek legal guidance: You should talk to your company’s legal team about cybersecurity irrespective of whether you’ve been hacked, in order to formulate a response plan covering as many types of breach as possible. This gives your legal eagles the chance to construct well-considered guidance for each scenario about the necessary remedial steps that must be taken to. If in doubt, when the attack happens, get your legal team on the phone at the earliest opportunity.
  • Internal and external comms: Every hack will have different ramifications, but it’s likely that employees will have to be informed as quickly as possible – particularly if they need to change practises/behaviours as a consequence. It may be necessary to communicate the information to suppliers, as many cyberattacks originate within firms’ broader supply chain networks. Finally, from regulators to insurers to the media, it’s crucial that your communications strategy considers every audience that needs to know about the hack. Do some advance planning and formulate a communications strategy – again based on a variety of incident types – with a clear timeline for engaging each audience in each circumstance.
  • Tell your customers/the public: Informing your customers, or the public at large, should form a central part of the communications strategy. However, it’s worth singling out this audience, as it’s your customers that need to be kept on-side at all costs, particularly if their data has been compromised. Many companies suffer far more reputational damage in the aftermath of a breach than they do during the attack itself, almost always due to a failure to communicate clearly, quickly, and honestly with the audiences that matter most.
  • Review the causes, plug the gaps: Being hacked once doesn’t make you immune to the risk of future attacks. In fact, if there’s a vulnerability in your organizational defences, whether the result of a poorly patched network of machines or a lack of employee awareness, then hackers will go on exploiting it until the vulnerabilities are eradicated. So once the above mitigation steps have been taken, get to work on figuring out how the hack occurred and how future attacks can be prevented.

Remember, creating an effective response strategy is not a task that can be solved by a simple checklist. This is a serious business; indeed, an entire industry has arisen that is dedicated to helping companies respond to cyberattacks more effectively. But before you shell out for third-party support on building your response strategy, it’s worth checking out the NCSC’s website to help you better determine what the most appropriate steps are for your business. And whatever you do, don’t panic!

To find out more about how Red Sift can help protect your business from cyberattacks, get in touch.

Get in touch

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)

Related

Tagged:
  • best practice
  • Cybersecurity
  • hack
  • strategy

Post navigation

Previous Post Data privacy and security: talk less, do more
Next Post What the Hack?!

Primary Sidebar

Subscribe to our blog and be the first to get updates!

Categories

  • AI
  • BEC
  • BIMI
  • Brand Protection
  • Coronavirus
  • Cybersecurity
  • Deliverability
  • DMARC
  • DORA
  • Email
  • Finance
  • Labs
  • News
  • OnINBOX
  • Partner Program
  • Red Sift Tools
  • Work at Red Sift
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • October 2016

Copyright © 2023 · Red Sift