With cybercrime on the rise, it’s becoming a matter of when, not if, a business will be the victim of an attack.
So it’s vital to have a well-developed response plan ready to go in the event of a ransomware attack or other cybercrime.
Here are five of the key steps to take:
1. Trigger your disaster recovery plan and contact your insurer
Your approach to cyber security should have a clearly articulated strategy which you can learn more about in our Preventing a cyber-attack blog. You should also immediately contact your cyber insurer, who may be able to appoint an experienced forensic expert to assess the damage from the attack. These experts can investigate how the attack occurred, the strain of ransomware or other attack, and can suggest other remediation steps.
At this stage, you may want to seek advice from a professional about disclosing the breach to government bodies, regulators and other stakeholders, including affected customers and staff.
“Be aware any initial attack may be a distraction from a larger attack to a different part of the IT system”
2. Restore stolen data from backups
Ideally the business will have recently backed up its data and system externally to servers that are not connected to the main network. That way, the criminals can’t delete the back up and the business can be backed up and running in a relatively short time space.
How frequently to undertake back-ups depends on the nature of the business. As a general rule, the greater the frequency and number of transactions the business does, the more regularly it will need to back up this information. For some businesses, it will be minute-by-minute. For others, back-ups once a day are sufficient.
3. Make a commercial decision about paying a ransom
In general, it’s inadvisable to pay criminals a ransom after an attack. But from time to time, businesses may have no choice but to take this step. This is often when they have not adequately backed up their data, and paying a ransom is the only way to get access to it.
This is even more reason to ensure good back up hygiene. If there’s no choice but to pay a ransom, your insurer may require proof the criminals are in possession of the data before any money is transferred.
4. Implement a post-recovery plan
Once you have access to your data, it’s time to get back to business. This starts with a
health check of the network.
Be aware any initial attack may be a distraction from a larger attack to a different part of the IT system. Exploring that possibility should be a focus of the health check.
Post-recovery activities may also involve work to restore the business’ reputation among its clients and other stakeholders. Follow expert advice to implement policies and procedures to help reduce the risk of future cyberattacks. Develop clear and timely communication, so no one is kept guessing about the actions you’ve taken to better protect your business.
5. Check and recheck the network
After an attack, perform regular scans and penetration tests. This involves trying to find vulnerabilities in the system so you can understand what needs to happen to reduce the risk of hacks.
Do you have the right cover?
Your broker can help you perform a risk assessment of your business to help ensure the right mechanisms are in place to withstand a cyberattack. Contact us today to find out more.
This general information does not take into account your objectives, financial situation or needs. Information is current as at the date the article is written but is subject to change.
Steadfast Group Ltd ACN 073 659 677
Important notice – Steadfast Group Limited ABN 98 073 659 677 and Steadfast Network Brokers
This article provides information rather than financial product or other advice. The content of this article, including any information contained in it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to it before acquiring the product.
Information is current as at the date the article is written as specified within it but is subject to change. Steadfast Group Ltd and Steadfast Network Brokers make no representation as to the accuracy or completeness of the information. Various third parties have contributed to the production of this content. All information is subject to copyright and may not be reproduced without the prior written consent of Steadfast Group Limited.