Cybercriminals can strike at any time. Data won’t be lost conveniently just after a backup has been performed, or when systems are temporarily down for maintenance.
There’s a reason why taking action against hacking is often referred to in IT as ‘firefighting’. The most important thing is to contain the threat – or ‘fire’ – and stop it from spreading.
Turn everything off, and this will give you the breathing space to start forming your next steps.
The only problem with this is the period of downtime it would bring to your business activities.
No business owner relishes the prospect of telling people who have trusted your company with their data that your security has been compromised. However, you absolutely cannot fail to report a cybersecurity attack.
Once you’ve put the fire out, you can begin your investigation.
When did your company last have a cybersecurity audit? Over time, software such as firewalls can become less efficient. Outdated systems will leave your company more vulnerable to hackers.
It would also be wise to review company passwords.
These are the first line of defence against hackers. Therefore, it’s surprising how many companies don’t regulate password complexity.
Human error lies at the heart of many cybersecurity attacks.
Phishing emails are a prime example of this. Hackers are operating with increasing subtlety. As scams get discovered, the tactics become more advanced.
To minimise the risk of a cyber-attack, make complex passwords mandatory across your organisation.
Your password policy should prompt employees to use special characters, numbers and a mix of upper and lower-case letters. It should also specify the need to update passwords regularly.
It is also advisable to use two-factor authentication, in case anyone’s log-in details become compromised. Two-factor authentication confirms that passwords are being used by the right individual.
This takes many forms, ranging from security questions to sending an SMS code to a separate device. It will never hurt to have an extra line of defence against hackers.
More often than not, the damage caused by hacking is exacerbated by the lack of a response plan.
Not knowing what steps to take means time, and therefore money, is wasted. An incident response plan should outline how to recover any stolen data and how to stop the threat from spreading. It should also outline who in your company handles the incident.
Personal responsibility for protecting against hackers should become part of your company culture. Do you expect your employees to fend off hackers without cybersecurity training? With the increasingly nuanced methods hackers use, common sense can only go so far. Quality training will minimise the margin for human error.