Over 30% of UK businesses suffered a cybersecurity attack or successful breach between 2022 and 2023, rising to 59% of medium-sized organisations and a staggering 69% of large companies – meaning your emergency response protocol needs to be clear, established and ready to go.
While so many companies assume a cybersecurity incident won’t ever affect them or that anti-virus software and firewalls are sufficient, the reality is that data breaches and hacks are becoming more prevalent and more serious.
This guide from Jera, the UK-wide specialist business IT support and systems security provider, shares advice on what to do immediately if you suspect something is amiss and how to mitigate the damage and costs caused by hacking and malware.
Creating a Business-Specific Emergency Response to Cybersecurity Attacks
Step one is to ensure you have a response mechanism in place – in much the same way you would turn off the water if you had a flood or hit an emergency stop button if a piece of machinery or equipment started to malfunction.
One of the primary reasons businesses suffer critical digital security breaches is that they haven’t put any systems in place and don’t know what to do in a crisis.
Businesses that work with a professional managed IT security services provider or security team can, of course, contact the rapid response desk for real-time assistance – but what should you do if you don’t have this support available and are worried that a cybersecurity incident is occurring right now?
Here’s a quick step-by-step guide to the key components of an emergency response policy.
1. Verifying a Breach Has Occurred or Is in Progress
Much of the time, it may not be immediately obvious that a breach has occurred, since hackers and scammers go to great lengths to conceal their activities. If you only notice something untoward after a breach has occurred, the response is more about data recovery, but if you spot the problem early enough, you may be able to take decisive action.
An IT technician will respond differently depending on whether a hacker is currently infiltrating your systems or network – this may involve immediately shutting down external access routes, identifying vulnerabilities, putting defences in place, and then safeguarding your most valuable data.
However, after the fact, the focus will be more on determining how and where the breach occurred and recommending the right strategy to prevent a similar incident. An IT consultancy can also suggest software upgrades, monitoring solutions and robust protection to improve your level of security.
2. Containing a Systems Cybersecurity Breach
As we’ve indicated, containment is crucial. Securing the network might mean suspending all activity temporarily – while this may be disruptive, removing an unauthorised party from the system can be essential.
Depending on the nature of the breach, business managers may need to establish alternative lines of communication to let their workforce know what is happening or to provide updates to clients who cannot access resources, accounts, or apps while the situation is being dealt with.
It is often crucial to instruct every team member, including those working remotely or in the field, to disconnect all devices, avoid sending emails or digital communications, and use third-party phones to ensure any decisions about the cybersecurity incident are not visible to the perpetrator.
3. Investigating Cybersecurity Breaches and Regulatory Compliance
When your systems have been secured, an IT specialist will need to conduct a full investigation, evaluating various aspects such as:
- How the breach occurred, and which areas of the business it has impacted.
- Data that may have been accessed and whether this constitutes a reportable event.
- Where the cybersecurity event happened, and which system elements failed to prevent the attack.
- How to prevent anything similar from recurring, and what urgent steps the business needs to take.
- Whether lost data can be retrieved or recovered.
If a cybersecurity attack has affected your banking, any systems with third-party access permissions or your customer information, you may be obligated to report this. Data breaches involving customer data should be reported to the Information Commissioner’s Office (ICO) within 72 hours.
While companies aren’t necessarily expected to have completed a full investigation within this timescale, they must declare a reportable data breach within three days of becoming aware of it. The ongoing process of reporting the details of the incident and how this may impact your customers and their data protection rights can follow as information becomes available.
In some cases, you may also need to notify the authorities or the police or lodge a report with the National Cyber Security Centre, which monitors cybersecurity across the UK.
Preventing Cybersecurity Attacks: The First Line of Defence
Here at Jera, we always advise that prevention is the safest solution, since the cost of a cybersecurity hack or data breach can be catastrophic, with the additional impacts of reputational damage and customer liaison to inform clients that their data has not been adequately protected.
A skilled cybersecurity expert can identify potential gaps in your security, vulnerabilities within your systems and necessary updates to software alongside security patches as part of an ongoing, contracted systems monitoring service.
This process ensures that your networks, devices and systems are always under the watchful eye of a technician well-versed in cybersecurity attacks, varying types of viruses, spyware, malware and ransomware, and substantially reduces the likelihood of an attack.
However, should an attack be attempted, your cybersecurity provider can spring into action, shoring up your systems, reinforcing defences and ensuring a hacker or scammer doesn’t get past your safeguards and cannot infiltrate your business.
Even so, we strongly recommend that clients have emergency response protocols in place and make this part of compulsory staff training, ensuring that any inadvertent lapses in security, particularly prevalent in BYOD workplaces or when staff are working remotely from their own devices, don’t leave a large hole in your cybersecurity protection.
For more information about cybersecurity emergency responses or to arrange an audit of your systems to evaluate whether they are in a good position to withstand an attack, please contact the Jera team at your convenience.