By Superfast Business Wales
As businesses begin preparing for the changes that the General Data Protection Regulation will bring into force on the 25th May 2018, now is the time to start thinking about your online security, data protection and what you’d do if your business came under cyber-attack.
A cyber-attack refers to any attack by an individual, group or organisation against a business’ computer information systems, infrastructure, computer networks, devices or data. These typically anonymous attacks seek to steal, alter or destroy the targeted items but may also request a ransom to save the system.
It’s too late to think about protecting your assets when you’re in the midst of an attack. To help you prepare for the event that your business is hit, here are 7 things you should consider to develop your response plan and ensure you’re in a position to recover your business if the worst happens.
Here are 7 important parts of your plan to consider:
What are your immediate steps when a breach is identified? Start by logging the date, location and specific details of the issue. This will help you to trace back your steps and pinpoint specifics about the nature of the attack whilst also helping to identify the weaknesses in your security. You should then address who should be immediately contacted – is it your IT team, a particular member of staff or do you have a dedicated supplier who manages your software and/or security?
Carefully share information about the attack
The next step is to consider the key stakeholders who need to be updated about the breach and their role in helping to isolate the issue as quickly as possible. Plan the type of communication and messages that will need to be shared with the wider team and employees to protect the business, limit the impact of the attack and reduce internal panic.
Be aware of GDPR requirements
As the new GDPR law comes in, it will be more important than ever for businesses to demonstrate compliance. This will also impact how you respond to cyber-attacks. Businesses will be required to give immediate (or within 72 hours in certain circumstances) notification of a data breach.
Containment of the breach
Once an attack has hit, the best thing you can do is try to contain it as quickly as possible to help stop additional data loss. Consider the steps you would take, such as taking affected equipment offline or identifying which systems would need shutting down. The quicker the response, the more likely you are to save your data and software, so preparing for containment now is crucial.
Could your business recover its data from a back-up? It’s crucial that you consistently and securely back up your servers and data. Without effective recovery, you could find your business grinds to a halt. Alongside addressing the required steps following an attack, your plan should highlight the process of recovery to ensure a swift return to normal working order.
Protect your reputation
A strategy should be in place to help you handle your communications during a crisis situation. Whether your business is big or small, a cyber-attack can have devastating consequences if not handled quickly and effectively – whether that’s to your business systems or customer trust. It’s vital that your immediate reaction and response are considered to help retain stakeholder confidence.
Learn from the attack and prepare for the future
Businesses can’t afford to be lazy when it comes to online security. The digital landscape is constantly changing and hackers are able to improve and target their attacks in more sophisticated ways. Any breach of security should encourage your business to reflect on why the attack happened, where current and potential weaknesses lie and how an attack could be prevented in the future.