5 Tips for Recovering from a Cyber Attack on Your Business

Small businesses are increasingly aware that cybercrime can strike any enterprise, not just Fortune 500 companies. This realisation comes not a moment too soon since various studies estimate that nearly 50% of cyber-attacks specifically target small businesses to achieve their nefarious objectives.

Why? Cybersecurity expert Joseph Steinberg points to several alarming factors:

  • Small businesses are considered more likely to give in to ransomware and pay hackers to restore urgently needed data.
  • Small businesses that regularly work with larger companies may be “a hacker’s golden ticket into a larger enterprise.”
  • Many small businesses lack a sophisticated line of cyber-defence.

Your business should take steps to guard against data theft, but even so, there’s no such thing as 100%-guaranteed protection. So, what happens if and when a cyber-attack occurs? Here are five mission-critical steps to keep in mind:

1. Fall back on your contingency plan.

Your best defence lies in crafting a comprehensive assessment of your IT system’s strengths and weaknesses before a cybercrime occurs. A thorough evaluation (not conducted during a time of crisis) can objectively determine where and how a malicious virus or hacker can breach your defences. Encourage your IT team to brainstorm every possible contingency and come up with an action plan to protect against them.

2. Ascertain the extent of the damage.

The first step following a verified cyber attack is assessing the extent of damage to your system. Get your IT team—or a trusted third-party vendor—to scour the system and isolate any infected areas. Analyse incident data. Determine if internal security protocols were adhered to and, if not, pinpoint where the breakdown took place.

Also, as part of the assessment process, be prepared to enlist third-party expertise “to help handle and mitigate the fallout,” says data protection expert Ermis Sfakiyanudis. This includes “legal counsel [and] outside investigators who can conduct a thorough forensic investigation” that definitively details how much damage has taken place.

3. Validate the integrity of your data backup.

Since many cyber-attacks take the form of encrypting precious data and rendering it inaccessible to you and your business, it’s critically important to have redundant data storage systems up and running at all times. These redundant servers and ancillary equipment must be maintained apart from your primary system, to protect against “collateral damage” from a virus or malware.

4. Repair the damage.

If and when an attack does occur, “it’s time to begin the restoration process,” advises IT security specialist Andrew Douthwaite. Reformat hard drive volumes. Reinstall operating systems and applications. Adds Douthwaite: “After the breach, it’s vital that you verify your backups are good.”

5. Notify constituencies about the cyber attack without evasion or ambiguity.

Virtually all IT security experts agree on the importance of communicating with various constituencies in a clear, forthright manner. To employees, customers, vendors, and—if necessary—the media, you should share as many details of the incident as appropriate and outline the actions you’ve taken to repair the damage and ensure against future attacks.

Any executive’s initial impulse might be to deny or mitigate the truth, but remember—the integrity of your brand is at stake. Attempting to misstate or spin what happened in a way you think may bolster your image is extremely risky. A certain amount of consumer trust is lost when news breaks of a successful cyber attack; if customers or employees or the media then suspect you’re covering up what happened, more trust will be lost, possibly forever.

Planning for the worst is the most effective strategy. As part of that effort, revisit your crisis plan at regular intervals, recognising that technology (and company personnel) keep changing as well.