As technologies advance and become more integrated into our lives, so do the tactics used by cyber criminals to try to compromise your business. Keeping up to date with the latest cyber criminal activities can be difficult, and ensuring your business has an effective cyber security strategy throughout its operations can also seem like an impossible task. However, without the appropriate defences in place, your organisation is left in a vulnerable position: 40% of UK businesses experienced a cyber breach in 2020.
For this year’s European Cyber Security Month, we have created a Cyber Security First Aid guide on how to discover, contain, and recover if your business falls victim to cyber criminal activity.
Find the Source of the Breach
Discovering a cyber breach can be extremely difficult; many cyber criminals ensure that their activities fly under the radar, and it can take weeks, months or, in some cases, years for a business to discover that its devices and data have been compromised. However, noticing the early signs of a data breach can significantly reduce any further damage. Some of the most common signs include:
- Random changes to file names or ‘missing’ documents.
- Irregular financial activity.
- Spontaneous pop-ups, especially from reputable websites and software.
- Compromised email accounts or spam emails from company accounts.
- Redirected Internet searches on company devices.
Contain the Breach
After discovering a cyber breach, determine which devices, servers, and/or accounts have been compromised, then isolate them by disconnecting them from the company network so the breach can’t compromise your remaining company assets. You should also ensure that Internet and remote access have been disconnected, update all security protocols such as passwords, and maintain your current security settings.
Inform Your Customers & Partners
Not only can a cyber breach impact your devices, finances, and data, but suffering a cyber attack can also cause reputational damage and affect your relationships with current and future clients and partners. Nevertheless, it is imperative to remain transparent and maintain a positive relationship with your clientele and trusted partners by keeping them informed of the incident and the actions your business is taking to resolve the situation, and by providing additional support to help with any queries and concerns.
Educate Your Employees
With over 80% of cyber security breaches resulting from employee error, it is incredibly important to ensure your staff know the role they play in keeping company devices and data secure. Implementing an effective cyber awareness program throughout your organisation could decrease your chances of a socially-engineered cyber attack by 70%! Keeping your cyber training regular, and ensuring your policies are up to date, will transform your employees into a resilient first line of defence against future cyber criminal activity.
Report the Crime to the Relevant Body
When you discover your business is the victim of a cyber attack, it is extremely important to report the crime immediately. Action Fraud, the National Fraud and Cyber Crime Reporting Centre, is available 24/7 to businesses that have suffered an attack or breach. You should also report the incident to your business’s bank and contact your cyber liability insurance provider, if applicable.
Ensure Your Business Has an Effective Cyber Security Strategy Going Forward
At Mitigate Cyber, we are all about prevention first. A common misconception we always hear is that cyber security is an IT issue – this is incorrect. Cyber security is, at its core, a risk management issue and should be the concern of the board. If you haven’t already, ensure that your business has an effective cyber security strategy going forward: assess what your critical processes and activities are, and where the vulnerabilities lie throughout your business. The strategy can then follow these guidelines:
- Define the purpose and scope of the plan.
- Identify team responsibilities.
- Identify the threats you face.
- Highlight the business-critical functions.
- Determine what is an acceptable disruption for each area and function.
- Determine what is an unacceptable disruption for each area and function.
- Plan how to maintain operations in the event of a disruption.
- Outline stakeholder engagement.
- Develop a disaster recovery plan.
- Document data backup and recovery processes.
Once the plan is in place, it needs to be distributed to the relevant parties – stakeholders, Directors, Head of IT and so on. It then needs to be communicated company-wide.