Face it: the World Wide Web isn’t quite as safe as it used to be. Nowadays, most people live online. It’s where we shop, advertise, manage our money and communicate. Yet the more ways that we start to use the web, the more criminals are inherently learning to exploit weak sites and impressionable users.
If your business isn’t properly protected, one simple hack could cause significant harm and expense in the blink of an eye. According to researchers at IBM, cybercriminals managed to steal more than 61M records from retailers in 2014 alone. There are plenty of basic measures you should be implementing in order to prevent attacks on your business. For example, your business should have already invested in reputable anti-virus software, introduce password systems and draft some sort of Internet usage policy for employees.
Despite all these useful safety measures, there’s always a chance that cybercriminals are going to find a way into your company network. Here’s what you should do:
Get new passwords
Every cyberattack is different. Yet there’s always one thing you must do immediately after discovering an attack: change your passwords. It might sound like an idiotically basic first move to be making, especially when you haven’t even got a full snapshot of the damage an attack has caused. Yet by immediately changing passwords and login details, you can successfully contain even the most out-of-control digital wildfire.
The second you learn that a system or work station has been compromised, it’s crucial that you isolate the server hosting the system. Change any and every password in the system, and convince employees to do the same. If you’re able, it’s also worth attempting to build new, temporary barriers between employees and sensitive data files.
Disconnect your cables
A lot of business owners would also be surprised to know that it’s possible to stop a cyberattack by literally pulling the plug on a work station.
One of the most common forms of attack at present is called ransomware. This type of virus will usually trick an employee into clicking on a link to a rogue website—which ends up locking their screen and demanding they pay a ransom before the screen will become unlocked. It’s vital that you train your employees to pull the plug on their work station the moment that ransom message appears. Disconnect the network cable, and shut the computer off. If done quickly, that might be all it takes to keep the ransomware from spreading.
It’s important to note that, after stopping ransomware, you’ll need to restore a desktop to its original settings in order to regain control. That means it’s necessary to maintain up-to-date recovery disks or back-up drives to ensure you’re not losing years’ worth of important company files. When in doubt, leave the salvage operation to professionals.
Tell the truth
Just because you’ve pulled the plug in time to prevent a major catastrophe does not mean you’re allowed to keep it a secret. If you’ve got access to sensitive data relating to clients or customers, you are going to have to deliver a transparent report regarding any hacking attempts. In most cases, this is just a moral imperative; however, some industries have regulatory guidelines relating to the disclosure of digital security risks. Let your customers know exactly what happened, how it happened and what information may or may not have been compromised.
More importantly, let them know what you have done or are going to do about it. For example, perhaps you’ve simply had to change your passwords, or you’ve decided to fork out for an upgraded version of antivirus protection. You should keep your clients in the loop to give them some peace of mind.
You should also report any attempted cyberattacks to the authorities. It may seem a little unnecessary—especially if the attack was unsuccessful. However, law enforcement experts are actually getting much better at recording and dealing with hacking incidents.
At the end of the day, the key to combatting cybercrime is preparedness. You’ve got to conduct regular IT reviews and system clean-ups, and you absolutely must train your employees to spot suspicious activity and report it as quickly as humanly possible. If your company ever does fall victim to cybercriminals, you need to act fast.
Author: Rachel Craig is a Digital Media Executive at Quality Formations, the UK’s leading company formation services provider. She specializes in private limited company formation, statutory compliance and corporate taxation.