No matter the size of your business, a cyber attack can be one of a company’s worst nightmares as it puts sensitive information of customers and employees at risk. Cyber attacks can lead to great losses, safety issues, and damaged reputations.
So what can a responsible company do before an event like this occurs to prepare everyone and help mitigate the damage if it does happen?
Keep reading to find out how to prepare a business for a cyber attack, including what to do during and after it happens.
A cyber attack is a malicious effort by an outside force to gain access to a network, system, or device with the intent of doing any or all of the following:
Steal, expose, alter, or destroy your files and sensitive information
Disable or destroy your applications and systems
Gain access to additional services and systems to attack
Learn about and attack your clients and vendors
Extort money through data ransom, selling stolen information, wire transfer fraud, or banking fraud
The hacker may be working alone, but these days cyber attacks are big business — and there are entire companies put together with the intent of stealing your information, blocking access to your device(s), and deleting important data.
Everyone has heard about businesses being hacked, but many people think it won’t happen to them. However, statistics show that almost 16,000 cyber crime incidents were reported worldwide between November 2021 and October 2022.
Virtually anyone can be targeted by a cyber attack, and an attack can lead to:
Theft of personal information
Safety concerns; and
Verizon’s 2020 Data Breach Investigations Report said that 86% of these types of attacks were for financial gain. Other reasons for cyber attacks may be related to political motivation, corporate espionage, or personal threats, among others.
Whatever the reason for a cyber attack, it can cause a great deal of damage to your business — even more so if you’re not prepared.
These days, it’s more a matter of when a cyber attack will happen, not if. We’ve put together this list of how to be prepared for a cyber attack to help you know just what to do to protect your company.
Phishing is the practice of using fraudulent emails or messages to get users to reveal personal data such as passwords, Social Security numbers, or banking information. Some hackers have gotten very sophisticated and can create a site or an email that is almost identical to that of a reputable company.
Employees should be trained to recognize phishing, spoofing, and other social engineering attacks. Your team is the most vital aspect of your cyber security program and represents the first and last lines of defense.
Training should be completed at least monthly, involve both training content and simulated attacks, and be required for everyone within the company, all the way up to the CEO.
Many people just ignore notifications about software updates because they’re right in the middle of something and think they’ll do it later when they have more time. And then they forget all about it.
But these updates often include critical security patches that can protect your devices from known vulnerabilities and reduce the risk of being hacked.
Make it a priority to update your systems every time you’re notified to do it, and if necessary, manually check for updates to make sure you’re covered.
Multi-factor authentication (MFA) is an extra layer of security that requires another verification by the user beyond a standard password. Even if a cyber attacker manages to figure out the password, they should be blocked by the additional protection.
Examples of MFA may include:
Something you know, like a password, security question, or PIN
Something you have, like a phone or hardware token device, that you can receive a code on or use to authorize login
Something you are, like a fingerprint or facial recognition
The best multi-factor authentication methods are easy to use but hard for a cyber criminal to figure out.
Encrypted and secure communications allow both parties to share information without a third party being able to intercept the data and decipher it.
Encryption relies on secret keys to decode information as it passes between two parties. These keys are a series of numbers that are shared between the sender and receiver to help them understand the information without anyone else being able to.
Wi-Fi routers should be set up using the strongest encryption option: Wi-Fi Protected Access 2 (WPA2) with Advanced Encryption Standard (AES). If you’re a small business and don’t have a dedicated IT department to help you with things like this, you should look into partnering with a company like Fixed Fee IT.
Use an encrypted file or storage device to back up important files on a regular basis. You should do this at least daily, and it’s best practice to keep these backups separate from the main network. Backing up your data to the cloud or offsite storage is recommended so that your backups stay secure if your main network is breached.
You should also have conversations about how much your data is worth versus how damaging it will be if it gets compromised. Does HR info about an employee who worked for your company 15 years ago have any worth compared to what could be done with that information if you’re hacked?
Sometimes it’s best to get rid of old files rather than back them up.
EDR (endpoint detection and response) software goes beyond your typical anti-virus system in that it doesn’t just look for and detect threats. It also searches for behaviors that are outside of the norm.
You can’t just run EDR software, though: you need a person interpreting the data who can determine what’s happening and take action. This is something the team at Fixed Fee IT can do for you.
Create an Incident Response (IR) Plan so everyone is on the same page about the steps to take when confronted with a cyber attack. Also, ensure this plan is available off-network, so your team can access it if they are unable to use computers or other devices.
In addition to having a plan, your team needs to be able to enforce it. Training is key to making sure your employees understand both the risks of a cyber attack and what to do when one happens.
Training provides employees with a safe environment to practice handling real-life situations. It’s preferable for them to learn and make mistakes during training rather than in a real crisis.
Some companies conduct yearly training on cyber attacks; however, at Fixed Fee IT, we recommend at least quarterly. We can lead training or give you materials to do it yourself.
Your team should feel empowered to report issues and make decisions to keep your business safe. Overconfidence is the enemy, and you have to be skeptical.
Some of the things you should do during a cyber attack include:
Get help and enact the IR Plan: At the first sign of an attack, contact your IT support team and initiate your practiced Incident Response Plan.
Preserve evidence: While it may be tempting to shut everything down, it is critical to preserve evidence so that the forensic response team can identify how the attacker got in, what information they accessed, and what actions they took. Having a plan to isolate a system while preserving evidence of the attack is critical.
Stop the attack: Take steps to cut off the attacker's access, isolate the system, block connections to a service or system, and disconnect from the internet.
After a cyber attack, you should:
Call your response team: Call your cyber insurance provider and enlist the help of a cyber response team. Your cyber response team will include incident response technicians to analyze the evidence and legal counsel to assist you in navigating the legal aspects of the incident and post-incident requirements.
Communicate: Work with your legal counsel to determine what to communicate to your team, your clients, and your vendors. Be careful and only communicate what has been approved.
Determine the cause of the incident: Work with your response team to determine the cause of the incident and identify the necessary steps needed to prevent future attacks.
Recover: Update your systems to prevent future attacks, scan systems for vulnerabilities, update passwords, and recover any lost data from backup.
Report: Work with your legal counsel and incident coach to file necessary reports to regulatory agencies like the FTC, SEC, FBI, and state attorneys general.
If you own a business, cyber attacks can be a scary threat that could irreparably damage your infrastructure. Fortunately, you don’t have to face them alone.
Fixed Fee IT provides trusted IT support — including cyber security and compliance — to Portland businesses. We’ll provide training and ask questions designed to help your employees realize that they’re not invincible and teach them how to prepare for a cyber attack.
We want to keep our clients safe by taking things to the next level to truly help you understand your business and help you make decisions, guiding you through the challenging waters of modern cyber security.