Minimizing Damage Following a Cyber Incident
Security incidents happen all the time. 29% of US businesses experienced a data breach last year, and 53% suffered some form of cyber attack. Often, it is not the magnitude of the incident itself, but the effectiveness of the company's response that determines how a breach is remembered. If your organization is faced with a cyber incident or breach, it can be difficult to know how to respond. Unfortunately, many businesses make knee-jerk reactions that can actually make the problem worse. If you find out that your company is experiencing a cyber incident, keep these steps in mind to help minimize potential damages.
Business leaders typically feel pressure to respond immediately when they are notified of a cyber incident, which can cause them to make rushed decisions, negatively impacting their organization. While it is important to address the issue quickly, it is just as important to address it effectively. Taking a little extra time (hours or days, not months!) to handle an incident properly will help your business immensely in the long-term.
Trust your Incident Response Plan
If you have an Incident Response Plan, now is the time to use it. Hopefully, it includes thresholds for escalation and contact info for your Incident Response Team and other key decision makers. Ideally, this plan was carefully developed with input from department heads, security experts, and legal counsel, and will help you make effective decisions under pressure. If your organization does not have an Incident Response Plan, you should contact cybersecurity professionals with Incident Response experience and a lawyer with knowledge of cyber regulations.
Lean on your Incident Response Team
For you, a cybersecurity incident is a huge disaster full of unknowns. A professional Incident Response Team (IRT) handles cyber incidents day-in and day-out. They have seen it all, and their expertise will help you make the right decisions about how to respond. Ideally, your IRT will work closely with a cybersecurity attorney. Together, they can uncover how your system was infiltrated, what information was accessed, and who, if anyone, must be notified of the incident. They will also know what measures need to be taken to secure networks and endpoints, and give the OK to return to business as usual.
Don't send out notifications- yet!
While it may be tempting to "do the right thing" and immediately let your clients and employees know that their data may have been compromised, this can be a PR and legal nightmare, so it is best to wait for your IRT to determine exactly what information was compromised and then notify the necessary parties. Whoever is in charge of sending data breach notifications, if they are necessary, should work closely with key personnel from PR, HR (if applicable), and legal to ensure that they don't sensationalize the incident or implicate your company beyond what is legally required. A crisis management communications expert can be invaluable during this process.
Improve your security
This is a great time to take inventory of your existing security strategy, identify weaknesses, and develop a plan to improve your organization's overall security posture. Fixing any security gaps that were identified by your IRT should be a priority, and if you did not have an incident response plan prior to the incident, now is the time to make one. If you did have an incident response plan in place, take this opportunity to update and improve it.
Get Back to Business
After the dust has settled, the best thing you can do is get back to business. Don't dwell on lost clients or bad PR. Instead, focus on your core competencies, work on acquiring new clients, and, if applicable, develop strategies for improving your organization's public image and SEO.
Need Incident Response experts? Bluestone Analytics' Incident Response Team has the expertise to help you navigate even the most complicated cyber incidents. We have worked with businesses of all types- from Fortune-50 companies to small manufacturing businesses. We work closely with cybersecurity attorneys and have experience in crisis management communications to help you recover quickly following an incident.