Of course, it is very important to have a plan in place for data loss, before your system is hacked, such as making redundant backups and cloud backups. Keeping your data backed up is extremely important in your DLP (Data Loss Prevention) strategy, not only in case you get hacked, but for any other possible data loss, such as fire or natural disaster, so you can get your business back up and running as quickly as possible.
Don’t Leap Before You Look
The first step you should take if your business is hacked is NOT restoring any lost data. For one thing, you could simply be hacked again, losing the data again, as well as increasing the risk of your clients and customers personal information being compromised.
You may believe the first step you should take would be to patch the possible holes in your security and locate the vulnerabilities in your system that allowed it to be hacked. While this is a very important step in dealing with a hacked system, this is not the first step you should take.
You might also think that the first step you should take would be to find out who hacked your system and how it was done. This is a logical conclusion, but it’s not the first step you should take.
Investigation Is Key
The very first step you should take if your business is hacked is to find out what information may have been compromised and immediately involve your local law enforcement agency. You want to focus on assuaging damage and data loss and providing pertinent information to law enforcement. It may be necessary to notify clients of possible breaches in their personal information to minimize the risk of identity theft and breach of sensitive financial data.
Law enforcement agencies can help you identify whether such disclosure is necessary as well as keeping you apprised to the risk of further hacking activities. Most hackings are not isolated incidents but are often a part of a larger “ring” where many companies, corporations and other entities are being hacked as well. By immediately reaching out to law enforcement you can help to minimize your risk of further breaches taking place.
The odd thing is, most IT security personnel overlook this as a first step, but focus instead on closing any holes, getting data back online, etc. It may be because we still aren’t seeing our online data the same way we see physical information. For instance, if your company was broken into and a files of customer data were taken, would your first step be to get that data back or would it be to call the police? If you would do this in the case of a physical breach, then why would you not do it in the case of a computer hacking?
It is imperative that you have a contingency plan in place in the event of a system hack, and the first step of that plan is to contact authorities immediately with information such as what information has been possibly breached, when and where the hacking took place, if it was a single computer or system hacked or if it was a companywide hacking where more than one computer was breached.
This information will help law enforcement officers determine whether it is simply a viral or malware attack or a higher level breach taking place, whether it is an isolate incident that can easily be patched by your IT or if it is an ongoing attack from a known hacker source. This, in turn, can help your IT department to determine the next step to take in getting your data back online and preventing any further hacking from taking place.