This was partially due to the fact that there are so many more small businesses than large businesses, but it is also because smaller businesses don’t have the same resources at their disposal to defend against hack attacks. What should you do after your website has been the victim of a cyber attack?
You can’t deal with a cyber attack if you aren’t aware of it. A director of Microsoft Asia said that it takes an average of 200 days for small businesses to find out they were hacked. That’s more than enough time to steal the credit card information of your regular customers and other important information. Warning signs include computers, servers, and websites operating slower than normal.
Call in your IT team to investigate the suspected hack or call in digital forensics experts to determine the scope of damage. The team at SecureForensics forensic investigation will be able to determine how it happened, map out what they’ve done, stop it from continuing, and develop a plan to protect against future attacks.
You need to recover your systems. This may include restoring uncorrupted data from backups or mirroring your website so that it is back up and running. You’ll need to restore your operating systems to their original condition, plus the patches or security software upgrades they were previously lacking. As part of this process, you need to implement up-to-date security upgrades. Later, you’ll need to make certain that IT management keeps these patches and IT security tools up to date.
You need to understand the impact of the hack to respond appropriately. For example, you need to know if customers’ personal data was breached so you know the legal implications of the breach. If their data was stolen, then you may be legally obligated to inform your customers of the hack attack. If your financial accounts were compromised, you will need to notify your bank or freeze your accounts. Depending on the situation, you may need to file a police report. That is essential if your business’ bank accounts were drained.
You may need to train employees how to identify phishing attacks and not fall for them in the future. Teach them how to verify the identity of someone before resetting accounts or giving them sensitive information.
Your IT team may install better anti-virus and anti-malware tools on your network. Host intrusion detection or a better firewall may be on the list. Better automated backups of mission-critical data systems minimize the data loss if you have to wipe a corrupted database. Improved password management may stop a hacker who gets one admin password from accessing other systems. If the point of failure was an employee bringing a personal device to work, either limit their ability to use their own devices for work or require them to have company approved anti-malware installed on their personal devices.
Small businesses are under attack whether they know it or not. You must know how you’re going to deal with a hack attack appropriately as quickly as possible to minimize the harm and prevent it from destroying your business.