We’ve been hacked – what now?

Recently, I spoke at a seminar in Brighton.  The topic was “We’ve been hacked – what now?”  The other speakers were: a data forensics expert, a disaster recovery expert and a police officer. I thought I would share with you the common themes that emerged:

Common Themes

  • Don’t rely on your in-house IT team. It requires specialist skills to investigate an attack in a way that provides quality evidence for court. Your in-house IT is likely to compromise evidence in their attempts to get service up and running.
  • Have an incident management plan and good working backups of your data. Robust planning prior to an attack is often the key difference between a company that survives an attack and one that does not.  Companies neglect the basics, such as backing up data, at their peril.
  • Concentrate on dealing with the effects on your business, not on the technical issues. It is easy to tie yourself up in the detail of how to fix your servers and get things back up and running. However, it is actually far more important to keep your customers happy. In fact, never lose sight of what your customer wants and needs from you.
  • Think carefully about statements to the press and social media. Recent cyber-crime surveys show that the biggest cost of a cyber attack is not the loss of data or loss of trading.  It is the loss of reputation. Manage your reputation carefully throughout the incident.
  • Take time to stop, look and listen before jumping in with a recovery plan. Make sure you fully understand the scope of the problem before trying to patch it up.  A patch for a specific problem can lead to a false sense of security because the underlying issues that exposed that problem are still vulnerable.

Your reaction matters

Overall, business owners have different definitions of what it means to get hacked. For some, a single PC catching a virus is a security incident. Others only view it as a problem when they have evidence of actual data loss or angry customers. Whatever your definition, customers will usually focus on how you react to the incident, not how it happened. Your best protection against losing reputation and customers is to have a robust plan in place so that you know your reaction will impress.