When your business has been hacked, it’s more than likely that personal identifiable information (PII) has been released. Hacks and breaches aren’t ideal, but they don’t have to be completely devastating scenarios.
It’s important to understand what hackers are seeking and how you should internally communicate in the event of a breach. Increasingly, cyber criminals seek passwords and PII that can lead them to bank accounts, and valuable proprietary information from an organization. Recently, the high-profile Equifax hack exposed 143 million Americans to potential identity fraud through the theft of their Social Security Numbers.
Cyber attacks are here to stay. You should plan not for if it will happen to your company, but for when it will happen. You don’t have to be one of the companies that lack data protection, security measures and a crisis communication system to properly respond.
What Should You Do First?
When you find out your organization has been hacked, the first step to seek guidance. Try to understand the severity of the hack. If it was only a few computers and limited data was accessed, that’s a vastly different story from a hack into your entire IT infrastructure - customer, client, partner, employee information and all.
If you don’t have the capacity to find out the scope of the hack internally, you’ll need to hire a security consultancy and/or approach your Internet Service Provider. If you suspect the breach is serious, you may also want to consider involving the local or state cyber crimes unit. They have the capacity to conduct a forensic analysis and let you know how much damage has been caused.
What is Your Crisis Communication Solution?
Once you know who has been affected, you need to communicate immediately to all involved stakeholders. The temptation might be to bury your head in the sand and hope you can get away with the breach, and solve it before people notice and potentially get angry. DO NOT DO THIS.
You must be upfront, open and honest about the issue, so that all affected parties can better understand what steps they need to take next. Not only is this a matter of respect for your employees and partners - it could mean the difference between salvaging your IT systems and your business, and not doing so. You’re also very likely under legal obligation to disclose as much information as you have on hand.
Crisis communications software like the Blackberry AtHoc Crisis Communication Suite can work to protect the information that your organization holds precious. The BlackBerry AtHoc suite of integrated applications run on a secure cloud platform that allows users, organizations and devices to immediately address the complex set of demands presented by a crisis (including a cyber data breach). If you can get your internal team working immediately on and end-to-end solution for collaboration, not only are you saving valuable time, but you’re saving money and your reputation.
Contain the Problem and Start Rebuilding
Once you’ve diagnosed what’s happened and communicated it to necessary parties, it’s time to problem-solve. This is one of the trickiest parts of a cyber attack response. An emergency mass notification system will come in handy here, as you work to piece together a solution.
Real-time collaboration is one of the most powerful response tools in the event of a cyber attack. Instead of confining yourself to a pre-defined set of devices, personnel, and physical locations - you can power up the devices and personnel that are key to responding to your specific data breach, in real time.
Remediation may require enlisting several third-parties, from physical security firms to cyber security firms and cyber crime detectives. The quicker you can lay out a containment plan, the greater chance you have of salvaging your operations and your reputation. Maintaining the trust of the public, as well as your internal organization, is critical in times of crisis.
Review Your Security Operations
So you’ve been hacked, and you’ve gone through the process of mitigating the damage and rebuilding. What have you learned? Now is a great time to review your security operations, and whether your security operations are effective. From initial data protection to the unified communication system you use, do you have sufficient measures in place to ensure that a breach won’t happen again?
Make sure that you consider all the stages of cybersecurity health, from initial measures to crisis management strategies to resiliency and testing. There are plenty of ways that you can tackle even the smartest, trickiest data breaches with even smarter solutions. For further guidance, request a Blackberry AtHoc demo.