When the s**t hits the fan

This article was first published in Grow Magazine

It’s 7.30am. You’ve just arrived at the office. You have a busy day ahead but with some strong coffee, you’ll be good to launch into the first of a string of important meetings. 

The phone rings. It’s Alex from IT, panicking. “Boss, our website has been defaced and we can’t access any of our files in the office. There’s a message – they want money. Bitcoin. What should I do?”

This, or something like it, might well have already happened to you. If it hasn’t, there’s a good chance it will soon – businesses fall for ransomware attacks every 14 seconds and half of all cyber attacks are targeted at small businesses.

When the time comes, how you handle it could change everything – from the way your business is seen by staff, stakeholders and customers to the state of your finances. 

So what do you do? 

The wrong answer is panic. The right answer is to make that coffee, cancel your meetings and prepare for the long day ahead:

1 – Identify and contain

Understand what’s happened and lock the situation down as quickly as possible – some systems may need to be taken offline immediately (consider who or what this may impact). It is vital that you identify the data that is potentially at risk, how many records may have been affected and how sensitive these records are. 

2 – Inform

Covering up a breach is possibly the worst thing you could do. Let staff, stakeholders, anyone affected by the loss, the ICO (if relevant) and the public (as appropriate) know. Do this as soon as you can, but don’t be too definitive too soon

3 – Remediate and recover

Understand the breach may be deeper than you first thought. Audit your systems and identify the cause, then work with your technical team to ensure the necessary steps are taken to fix the problem. 

4 – Learn

You must by law document all aspects of the breach. You need to improve your systems so they are more resilient in future. Research suggests businesses can recover from a breach, but if they have more than two, trust can be lost permanently.

5 – Keep communicating

At all stages, keep people informed both internally and externally. Communications should be simple, transparent and up-to-date. Keep letting people know what you think has happened, what you have done, and what you are going to do to ensure it doesn’t happen again.

Prudent business leaders realise the question is always when will a cyber attack will happen?’ – not if. And to work through the above steps in the heat of a real-life breach, you need to be prepared. 

Every business should have an Incident Response Plan in place and ready to roll out. This should be tailored to your business and will enable you to action the above without delay and with minimal disruption. If you’d like to talk to our team about putting an Incident Response Plan together for your business, get in touch today.

You might also like