What to do if your business is hacked
In early November Tesco Bank spotted some suspicious activity that, in the end, turned out to be what was described as an ‘unprecedented and serious’ hack by the chief executive of the Financial Conduct Authority. It damaged their reputation, and could cost them over £2.5 million.
Your business may not be as large as Tesco, but that doesn’t mean you’re not at risk. Recent research in the Government Security Breaches Survey has highlighted that SMEs are increasingly becoming a target for hackers. In 2015, 74% of SMEs reported some form of malicious attack.
The cloud is a simple and increasingly secure way to organise your IT infrastructure, but what do you do if things go wrong?
Here's a simple, step-by-step guide on how to deal with a hack.
Recognise there is a problem
The longer a hack is ignored, the more damage can be done. If you spot that something isn’t right, take action immediately.
There are lots of warning signs to look for. A sudden spike in DNS traffic might mean your servers have been compromised; abnormal user-account behaviour might mean accounts have been compromised; and random emails with attachments may mean your business has become a target.
If you use an external provider, they should regularly be doing these checks on your behalf, and will be able to alert you to any suspicious activity.
These safety checks and balances should help identify breaches quickly, but not always – particularly if vulnerabilities are new or recently exposed.
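The DNS-traffic warning sign mentioned above can be checked automatically. The following is an added example, not part of the original article: the log format (`timestamp client-ip queried-name`), the sample data and the thresholds are all assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

def build_sample_log():
    """Constructed sample data: one DNS query per line, two quiet hosts plus one burst."""
    lines = []
    for minute in range(10):
        for client, rate in (("10.0.0.5", 4), ("10.0.0.9", 6)):
            for n in range(rate):
                lines.append(f"2020-01-01T09:{minute:02d}:{n:02d} {client} host{n}.example.com")
    # Constructed anomaly: 10.0.0.9 issues 120 extra lookups within a single minute.
    for n in range(120):
        lines.append(f"2020-01-01T09:07:{n % 60:02d} {'10.0.0.9'} q{n}.example.net")
    return lines

def per_minute_counts(lines):
    """Return {client: Counter({minute: query_count})}, skipping malformed lines."""
    counts = defaultdict(Counter)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # wrong field count: ignore rather than crash mid-analysis
        ts, client, _qname = parts
        try:
            minute = datetime.fromisoformat(ts).replace(second=0)
        except ValueError:
            continue  # unparseable timestamp
        counts[client][minute] += 1
    return counts

def find_spikes(lines, factor=5, floor=50):
    """Flag minutes where a client exceeds `factor` times its own median rate.

    The median is used as the baseline because a single burst barely moves it.
    `floor` suppresses alerts for hosts whose normal volume is tiny.
    """
    spikes = []
    for client, buckets in per_minute_counts(lines).items():
        baseline = median(buckets.values())
        for minute, count in sorted(buckets.items()):
            if count >= floor and count > factor * baseline:
                spikes.append((client, minute.strftime("%H:%M"), count, baseline))
    return spikes

if __name__ == "__main__":
    for client, minute, count, baseline in find_spikes(build_sample_log()):
        print(f"{client} sent {count} DNS queries at {minute} (baseline {baseline}/min)")
```

Minutes in which a host sends no queries at all do not appear in the counts, so the baseline reflects active minutes only; tune `factor` and `floor` against your own normal traffic before relying on the alerts.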
You should work to educate your staff, enabling them to recognise if something isn’t right. Abnormal email activity, particularly unsolicited emails with attachments, is a common way for hackers to get access to your systems.
Prevention is always better than cure. Ensuring you work with trusted providers and install all security updates regularly should go without saying. But it may not be enough.
Lock everything down
If you can see there is a problem then now is the time for action – even if you don’t know exactly what’s wrong.
The first stage involves working with your in-house IT team and external providers to come up with a plan of action. The main aim at this stage is to protect your business and the data and information of your customers.
A total lock-down could be the best approach, turning off all systems until you get a handle on what has happened. You may be able to isolate systems to contain the hack. It all depends on the problem itself.
If you work with external providers, let them know as soon as possible that your systems are compromised. A vulnerability in one area of the system can quickly spread to others.
Hopefully your supplier will be there to answer the call. At Principal, our dedicated UK contact centre means that there is someone on hand to speak to you about any security concerns and take immediate action.
Don’t forget to keep your staff aware and involved, particularly those who deal directly with customers. A breach may not necessarily destroy all of your systems, but it could damage your reputation, so stay on top of communications internally and externally.
A note on ransomware
There is a growing trend for ransomware attacks on SMEs. In such a situation hackers essentially take your data hostage, and attempt to sell it back to you. Internet security experts Kaspersky estimate that 750,000 of its users were victims of such hacks in 2015.
In such a situation, recognise that you’re dealing with criminals who have no interest in you, your business or your data – they just want your money.
The best approach is to plan for such attacks by regularly backing up your organisation’s data and being prepared, if necessary, to wipe systems and reinstall everything from scratch.
Investigate the vulnerability
It may have been a staff error, a targeted attack or the exploitation of a previously unknown backdoor into your system. Whatever the hack, a forensic examination of your systems and processes is essential in understanding any existing or potential weak points and securing against them.
In certain circumstances you may want to work with an external consultant who can help you to understand what went wrong. This can often be a beneficial process for a business, with an impartial assessor more likely to avoid the politics that can affect such investigations.
A hack can be an incredibly difficult issue for a business to deal with. Part of the rebuilding process is about developing a strategy to deal with future potential hacks. This will ensure your business is in a much stronger position to manage any attempted attacks in the future.
Businesses often adopt or embrace cloud computing systems alongside already existing IT infrastructure. This can lead to gaps within the system that can be exploited.
Your cloud IT infrastructure should be planned and deployed strategically. If it isn’t, it may be that you need to go back to the drawing board and design a new system from scratch.
At Principal our dedicated UK-based team work with organisations to design and implement systems with security at their core. Our team is always on hand to support you if things do ever go wrong. If you have any questions then don’t hesitate to contact us.