What should you do when your company has been hacked?
Every company’s nightmare is to hear from its IT consultant, “your company has been hacked”. In the world of IT, there is an ongoing battle between IT departments or managed IT services providers (MSPs) and hackers.
So what should you do if your company has been hacked?
Unfortunately, if this happens to your organization, you should follow these steps to address the issue.
- Panic but Don’t Panic – Human nature will be to panic; however, there is no need to panic over a situation that has already happened. Panic will not help at this moment. By calming down and eliminating panic, you will be able to see the entire picture much more clearly.
- Investigate the Damage – You need to quickly investigate what damage was done to your infrastructure. Put together a quick report: What has been breached? Which systems have been compromised? What data has been accessed, copied or deleted? Get your tech support department to immediately remove all compromised systems from the network to prevent further breach. If you believe there is a criminal offence, you should immediately shut down or disconnect the entire network, including the server, to preserve the operating system, files and databases in a forensic state.
- Close the Breach – Assemble the team. Depending on your company, you may want to bring in your entire IT team, including IT support and tech support. If you have a third-party managed IT services provider, engage them immediately as well, as they have the manpower and resources to help in such emergencies. Next, you should immediately get your IT support services to patch the holes and close the breach. Your tech support team will work from the outside in, closing the outside perimeter and working their way in until everything is patched and closed.
- PR Time – This is an area where many companies drop the ball. Communication is key once you know the severity of the breach and its impact on your clients and partners. Nothing beats honesty and transparency. If you have an internal PR department, they will quickly take over and go into damage control mode. If not, find a PR firm that will come up with a plan on how to address the issue and how to perform some damage control and reputation rebuilding.
- Notifications – Depending on your industry, partners and client base, there are many different avenues you must take to address this issue. In some industries such as banking and healthcare, there are legal steps to be taken but regardless of your business, you should always report the breach to customers if it involves a breach of their records. You will also have to report the breach to industry regulators.
- Clean up – Depending on why and how the hackers penetrated your network, there are many different avenues that can help with the cleanup process.
  - You may need to replace equipment in your IT infrastructure.
  - Advanced Persistent Attacks remain resident on networks for an average of 260 days, so restoring a system from a backup is not necessarily an option.
  - Re-evaluate your IT infrastructure. Many times, managed IT services providers are called in to evaluate the entire infrastructure even though there is an internal IT team. A fresh set of eyes sometimes offers a clear view of the true picture.
Your company will need to address this long-term to make sure it does not happen again in the future. Many companies are now using hybrid models for IT management, including internal resources and managed IT services providers (MSPs) such as 365 iT SOLUTIONS.