What should you do after a cyberattack?

By Joe Vitale, VP, Treasury Management

Many business owners haven’t given much thought to what they would do after a cyberattack, but now is the time to plan so you can be prepared.

You’ve read all the horror stories about large, well-known corporations that have been victimized by cyberattacks — from Target and Home Depot to Sony Pictures and even Apple. But you figured it could never happen to a small or mid-sized company like yours.

Think again. The big corporations may garner the cyberattack headlines, but small and mid-sized firms can also be vulnerable. In fact, data thieves often target smaller firms specifically because the owners think they’re safe and have let their guard down.

Do you know what to do if your company is ever victimized by cyber attackers? Many owners of small and mid-sized businesses haven’t given this much thought — but now is the time to plan so you can be prepared if the unthinkable happens.

Execute Your Action Plan

According to the PCI DSS, two of the most important steps a business should take after a cyberattack are:

1. Limit any further data exposure and loss.

Copy, store, and analyze information from network logs. Keep computers plugged in and turned on unless files are being destroyed, because turning off a computer erases its volatile memory. This information can help security experts better understand the intrusion and prevent it from happening again.

2. Notify your business partners as soon as possible.

Forty-seven states now have laws requiring businesses to notify individual customers whose personal or payment information may have been compromised due to a data breach, though each state’s specific notification requirements are different. Be sure you know exactly what happened before you contact your customers or third-party processors so the message is clear and consistent.

All businesses need an incident response plan in place when a cyberattack occurs. The plan outlines what to do and how to respond across your company and how to work with your customers, financial institutions, and related partners to recover from any incident.

Your Incident Response Plan should be distributed to and understood by everyone in your organization who will have responsibility for taking action after a cyberattack and resulting data breach. In addition, you should test the plan at least annually to make sure it’s effective and that you haven’t left out any key steps.

If your company accepts credit and debit card payments from your customers, you are required by the Payment Card Industry Data Security Standard (PCI DSS) to create a data breach Incident Response Plan. This plan should explain in detail the steps you will take should a data breach occur that exposes your customers’ payment information.

There are many free resources available to help you create a new Incident Response Plan or update an existing one. A good example can be found through SearchDisasterRecovery.com.

Business Recovery and Continuity

If you currently work with a cybersecurity firm, talk to them about the best practices for containment, recovery and repair. If data has been lost, determine how the data will be restored. If an attack shuts down critical systems, determine how quickly they can be brought back up so downtime and customer impact are kept to a minimum.

Once you’ve remediated the data breach or vulnerability and you have notified affected parties, your next step is to get your normal operations back up and running again as quickly as possible. The extent to which you are able to do this will depend largely on the extent of the cyberattack, your business recovery plan, and continuity procedures.

What About Financial Recovery?

In some cases, your company may experience financial loss as a result of a cyberattack. If that happens, your exposure will be based on your ability to pay from your current assets or the limits of your cyber insurance policy. The increased prevalence of cyberattacks in recent years has led to the introduction of new types of cyber insurance policies and riders to standard business policies that provide both first-party expense coverage and third-party liability coverage.

Cyber insurance policies generally cover lost income due to business interruption, e-commerce loss and e-theft, extortion, internal data loss and restoration, and forensic investigation. A cyber insurance rider to a standard business insurance policy covers potential liability for breach of your customers’ privacy as well as customer notification, public relations, litigation, crisis management, and credit monitoring expenses. A cyber insurance policy can also provide coverage for regulatory defense costs, penalties and fines and consumer redress due to unauthorized access to your customers’ personal information.

Make Plans Now

There are three types of businesses: those that have been hacked, those that haven’t been hacked yet, and those that will be hacked again. Most experts agree cybercrime is just as certain as death and taxes. That means you must put plans in place to prevent attacks or be ready when they happen. Cyber thieves don’t discriminate when it comes to the kinds of businesses they attack; practically any company could be at risk.

And if your company experiences a data breach, you must be prepared, because the cost could be significant. According to the 2015 Cost of a Data Breach Study: United States, published by Ponemon Institute, the average cost of a data breach per lost or stolen record is $217. So if your business has 5,000 customer records on file and is breached, it could cost you over $1 million to identify, fix, restore, and pay out fees for new systems and lawsuits. Now is the time to prepare for the aftermath of a cyberattack.