You got hacked. Now what?
While getting hacked is never nice, the thing to keep in mind is that you’re not alone. In fact, you’re actually in really good company. Since the days of spoken language and written history, messages have been getting intercepted to the good (or ill) of those involved. Our increasingly digital world is a playground for hackers, but the good news is that all of those who have fallen victim to hackers in the past are making it easier for you to recover from your breach.
All your security and precautions may not stop a cybercriminal from stepping over or past your best defense and grabbing your data. This could happen to any organization. That’s why it’s important that you have a plan to deal with it if it does happen. In many cases, it takes months before companies even realize they’ve been compromised. A lot happens in those months and hackers will grab new information as it becomes available. You need to identify and respond to a breach when it happens.
How to identify a breach
So, your computer is acting funny? Once you notice something is amiss, you should start taking notes, manual notes such as emails or online messages can alert cybercriminals that you’re on to them. Keep track of issues with dates and times of problems. Your record can be useful to those who will track down and eliminate the threat.
What you need to know
Knowing how they got in and what they took is the only way to stop the breach. What you need to know about the breach:
- What they got
- Where they got it
- Where that data went
- How to stop it
Who can help?
When you’ve been hacked, it’s time to call in your Computer Emergency Response Team (CERT). This is a team you’ve created of employees who are responsible and have autonomy to deal with breaches. Members of the team probably have full-time jobs in your organization doing something else, supervisors or middle managers. They aren’t always responding to breaches, but when one occurs, they have the authority to make executive decisions and respond quickly. They will respond, identify the situation, and get to work.
Creating a CERT
When choosing members for your CERT team, look for employees with the following skills/knowledge:
- In depth understanding of the networking, operating systems, and applications
- Be able to identify viruses and know techniques to remove them
- Know how to hack themselves and be aware of the system’s weak spots
- Use many cross-platform network tools
- Be able to work on a team under pressure
- Ability to clearly communicate about what is happening
If that doesn’t describe anyone currently on your payroll, training can remedy that.
Managing the press
One person should be appointed to talk to the press should they get word of the breach and start calling. You don’t want a media storm on top of your data breach. If you have a PR department, they should handle it. The person handling the press should be a strong communicator who knows that to say and what not to say to avoid panic, even if panic is warranted.
Legal issues
Get in touch with your lawyer. There may be legal issues involved that need to be handled. Make sure your lawyer knows about the breach and let them decide if the law should get involved.
At the end of the day, learn from your mistakes and work to prevent the next breach and to improve your process for discovering and dealing with breaches quickly and effectively.