Picture this: your worst nightmare has come true – your business has fallen victim to a cyber attack and your assets are being stolen before your eyes. What do you do now?
Well, depending on the nature of the attack will depend on how you should react and respond. In this blog post, we’ll discuss the post-attack procedure you should be implementing whether it’s a personal device cyber attack or a corporate cyber attack.
Personal device cyber attack
A common type of cyber attack carried out on individual people involves completely taking over the victim’s mobile phone. By doing this, the criminal can gain access to all accounts attached to your phone number, including emails, the iCloud, bank apps and social media. Plus, if you’ve previously set up 2 Factor Authentication to send a code to your phone number, they can also access this, allowing them to bypass your extra security measures. But how can a cyber criminal do this?
In the specific case of a mobile phone, the cyber attacker could call your phone provider and pretend to be you, making up a lie that you’ve lost or broken your phone and that you’re in urgent need of a new one. They’ll use persuasive techniques to get around the security questions, eventually convincing the phone providers to send you a new phone and/or SIM card. However, this will be sent to the criminal’s address instead of yours, and once they’ve activated the new SIM card, yours will be deactivated. From here, they can essentially access a mirror of your phone.
However, this is only one example. There are MANY ways that a cyber criminal can access your personal data and devices, and how you react at the time will make a huge difference to the outcome.
So, what should you do if your personal device or data has been hacked?
First things first – if you are not trained in cyber security and aren’t sure where to start, your first step should be to contact a cyber security professional. They will guide you through the necessary steps to limit the damage of your attack.
At SupPortal, we offer immediate assistance to anyone currently experiencing a cyber attack. You can call us on 023 8098 2218.
Step 1: Find the location of the breach
Early detection of breaches is crucial. Only once you’ve detected and located the breach can you take action to contain it. With early detection, you can prevent the cyber criminal from further accessing your data, minimising the damage.
Here are the typical cyber attack warning signs that will help you to detect and locate the breach:
- Unusual network activity: higher traffic on your website, unexpected password recovery prompts, or failed login notifications.
- Unusual account activity: password attempts, or recovery notifications not sent by employees, login attempts outside of normal work hours, encrypted files, or an unusually high number of logins.
- Files going missing or access restricted
- Increased number of phishing emails sent to employees
- Network running much slower than normal
Step 2: Assume that everything is compromised
If you assume the worst case scenario, you are more likely to limit the damage. This way, you can take maximum action, ensuring to cover every area of your business – from employees to online data.
Step 3: Change all your passwords
From main email accounts to backup social media accounts, you need to change every password you have. If a cyber criminal has access to your whole device, there are a variety of avenues they can take to find more information – including email addresses you barely even use.
Step 4: Enable 2 factor authentication
If you haven’t already, now is the time to enable 2 factor authentication anywhere you can – however, make sure the verification code isn’t being sent to your phone or email, as the criminal may have access to these. Instead, use an authentication app.
Step 5: Document the breach to gather evidence
To take any further steps, you must first gather as much information about the attack as you can. This includes:
- The date and time in which the breach was detected
- The date and time that you responded
- Information about who discovered it and who reported it
- The location of the breach
- Affected files
- Affected systems
- Initial assessment of what may have occurred
- Initial assessment of the extent of the damage
- Who has been notified – including law enforcement or cyber security professionals
Corporate cyber attack
There are a few differences in how you should respond to a cyber attack if you’re a business, rather than an individual.
As mentioned previously, if you are not trained in cyber security and aren’t sure where to start, your first step should be to contact a cyber security professional. Call us on 023 8098 2218.
Step 1: Report the breach to ICO within 72 hours
If your business retains any customer information – whether you’re in retail or you have a HR department that stores contact information – you must report your breach to the ICO within 72 hours of discovering it.
If you do not comply with this, you will face a fine.
Follow steps 1-5 above
Step 6: Do not pay the fee to get your data back
Often, when a cyber criminal has access to your data and has successfully locked you out, they will ask you for a sum of money in exchange for your data. It’s not uncommon for businesses to simply pay this fee, in the hopes they can move on from the breach quickly and limit the impact it has on their business. However, we would not recommend this approach, as it’s unlikely to stop the attack (or future attacks).
Step 7: Invest in a more robust, layered cyber security solution
Once you’ve fallen victim to a cyber attack, you are penned as an easy target. Now is the time to up your cyber security to the highest degree.
At SupPortal, we work with businesses to prioritise their cyber safety, training their staff to ensure a high level of cyber-awareness and implementing a layered solution.
Whether it’s a security breach from cyber criminals, viruses, malware or even an accidental employee breach, we can help. We provide a range of CSaaS solutions including Managed Cyber Security subscriptions, Cyber Security Assessments, Cyber Security Awareness Training, Cyber Incident Response and Disaster Recovery.
If you’d like to talk further about how SupPortal can help keep you and your business safe, chat to us.