
E-security. A serious business responsibility. (September 2021)

Published September 2021


What to do if you are hacked.

Jean-Pierre Murray-Kline - E-security. A serious business responsibility

 

The e-safety of a business is not just a concern for the office nerds. Operational, legal, accounting: all departments can be affected, and therefore preparation to mitigate the risk and damage of cyberattacks falls on everyone’s shoulders.

If you believe your business is immune to this threat, you are wrong. Next to Climate Change, and at a global scale, E-Security is one of the greatest threats to our economy. The attack can come in all sorts of shapes and sizes, from hackings to ransomware, data breaches, e-manipulation and e-fraud. There are countless and ever-evolving types. A successful attack can take months to resolve. Recovering data, managing fallout, the legal ramifications, restoring your reputation and replacing equipment will be horrible thorns in your side.

Business is already so difficult, so why not give yourself a fighting chance by preparing an e-attack response plan?

 

This ‘plan’ does not need to be an entire book with chapters of jargon. In fact, I recommend a simple document be prepared with concise and easy-to-understand points. Avoid unnecessary jargon, waffle and ambiguities. Anyone in your office who picks up this plan needs to be able to act on its notes.

 

The decision to be made now is: do you create this plan yourself or get professional help? There are consultants (such as myself) and 3rd party suppliers who offer the service. Let me give you some points to ponder on.

 

The industry refers to this plan as a Cybersecurity Incident Response Plan, or CIRP for short. This plan as a template can have around six or seven areas to focus on, but before I work through these, let me give some pre-points and tasks any business should be applying their mind to from the get go.

  • What is an e-attack?
  • Where can an attack come from?
  • Who is your response team?
  • How much damage can an e-attack cause your business?
  • How does your team apply their minds to assessing e-vulnerabilities? (Lots to think about: networks, devices, software, websites, apps and even your secretary’s cell phone which uses the office internet.)
  • Does your team have and maintain a short list of about 5 to 20 most probable types of e-attacks? Does the list explain what shape and form these take and their angles of attack?
  • Does everyone in your business have and understand this ‘risk list’?
  • Make sure everyone in the entire business gets this list.
  • Has your legal department or even lawyer applied their mind to legal ramifications and risks? (You will be surprised how few lawyers are even equipped to deal with an e-attack, and don’t even get me started with some of the authorities.)
  • Has someone in the office been appointed to track e-trends (1 hour a month) and update the management team?
  • Does your office do e-test drills? (Like a fire drill, but with your tech.)
  • Has anyone chatted to your insurance company to see if they cover e-risks?
  • Has each staff member agreed to educate themselves on this important business need? Over 50% of e-attacks originate from a staff member or supplier who practises silly e-behaviour. Do you have something in your employment and supplier contracts that guides e-behaviour?

The unfortunate truth of the matter is that, no matter how much we do, there is no 100% guarantee of avoiding an e-attack. Remember, an e-attack is a criminal act, and we need to plan for the worst and hope for the best.

Depending on the complexity of your business, and after using your own noggin (or after chatting to me), your plan will include some of the following points, but perhaps more.

 

1. Identification. This includes confirming the breach criteria and working out the incident scope. Tackle the questions of when, who and how.

What has actually been compromised, and what other areas, systems and operations are now exposed and vulnerable? Do not forget clients, suppliers and 3rd parties.

If required, please bring in an e-forensic team as soon as possible, especially if e-money or online transactions form part of the catastrophe.

Get interviewing people involved and document as much as you can.

Try and work out the overall intent and objective of the e-attack.

 

2. Containment. Work out if you are dealing with an active (ongoing) or passive (has happened) situation.

Go to town on an e-lock down, which can include quarantining infected computers, unplugging devices, isolating gadgets, changing passwords and access authorities / permissions.

Remember, during an e-attack, the e-intruder rarely gains immediate and full access to all your gadgets or the intended final e-target, so think smart and make life very hard for them.

Ponder on what can be done to stop further damage. How can you save data and allow for operations to continue?

 

3. Reporting. Computers and devices can have a number of record storage systems, and these can be used to collect evidence and data for reports. Just remember, malware will often attempt to cover its tracks after an attack, so move quickly and get a nerd involved if required.

Depending on the nature of the e-attack, you have around 72 hours to report to law enforcement and applicable authorities. I encourage you to have a very quick chat with your lawyer (or another equally experienced professional) to ensure you are providing information that helps the situation without subjecting your business to more liabilities.

 

Here are some contacts to use:

If you are in South Africa, you need to report the issue to SAPS. Go to a police station or call CrimeStop on 0860010111. But don’t stop there: if you are dealing with e-financial issues, also contact the Anti-Corruption and Fraud Hotline (SARS) on 0800002870. Then, visit these two websites:

These sites are often updated, so always review and then pursue suggested avenues they propose.

If you become aware that the e-attack involves international shenanigans, you might want to consider visiting these sites and taking further steps:

 

It is important you report the incident in a timely manner. Sharing what you are aware of related to the e-attack + what action you have taken so far + actions you intend to still consider taking, will in general help your situation.

Reporting does not end with law enforcement. You need to notify affected or potentially at-risk clients, staff, suppliers and 3rd parties. Again, do this after a quick chat with your lawyer. If client, supplier or staff data has been breached and you fail to act, you can be subjected to major fines or even imprisonment in terms of POPI if you are found to have been negligent.

Open a channel of communication which is able to deal with legalities, risks, concerns and other mitigating factors for clients, suppliers and staff.

 

4. Eradication. This step really does need the support of your tech nerds. The team needs to attend to the root / source of the breach, then remove the offending data / programs / artefacts / malware.

Do not ‘eradicate’ evidence!

 

5. Recovery. Again, this step needs the nerds, but if the situation turns out to be about an e-ransom, you need to involve a professional to deal with the negotiation.

If possible, roll back and restore data and programs to a date on which you know things were safe. Regardless, check that the ‘vulnerability’ is not reinstalled, and if there was an open door for the criminal, make sure this is patched and closed before you go back ‘online’.

 

6. Assessment. Points 1-5 help mitigate damage and show care for those affected. It will now be time to call the management and operations team together to assess the e-attack and create a formal response to the situation going forward. This needs to include an in-depth assessment of damages caused and what further mitigation needs to take place. Do not neglect a thorough investigation into the attack and offending parties. Make sure this is well documented and even done impartially by a 3rd party.

Every lesson learnt must be implemented so your business becomes more robust for the future.

 

7. Act. The final and biggest step left is to manage client and supplier relationships in a genuine and exemplary manner. Authenticity, honesty and good intent must be the themes of every act.

Aim for all affected parties to reach a formal resolution. Get signatures so liability loops are closed.

Follow up with law enforcement to try and get the case resolved. This will require extra work.

Take legal and criminal action against the perpetrators. Unfortunately, this might include staff members or suppliers.

Process insurance claims if you have any available.

Update your ‘plan’.

 

To end, here are a few final nuggets.

  • People are the weakest link in the chain. When it comes to protecting or processing data, any lack of diligence can have serious ramifications for the business.
  • Training workshops with your full company are very helpful. This is something I can offer.
  • Backups + access integrity + automated alerting systems are three practices (tools) I believe offer your business a great form of defence.
  • Depending on the size of your business, media/PR training will be a good idea. I can help with this.
  • For larger organizations using 3rd parties for data storage and processing, run background checks if not audits every two years or so. Reputations can change.

 

That’s a wrap! Remember to share.

 

 

About Jean-Pierre Murray-Kline

He is a Business and Environmental Technologist. An entrepreneur who runs several online businesses. He is a published Author who researches, consults and facilitates strategy sessions about the most important matters affecting our generation and the changes to technology, business and the environment. Services include:

  • Digital Architect & Scenario Planning.
  • Online Marketing
  • Keynote Talks

Jean-Pierre Murray-Kline

Future Thinker. Innovator. Change Expert. Industry 4.0 & IoT Specialist. Green & Sustainable Solutions. Digital Marketing, Security, Devices & Trends. Author, Consultant, Project Manager & Scenario Planner.


Website: www.jeanpierremurraykline.co.za
Facebook: (100k Followers): https://www.facebook.com/jeanpierremurrayklineSA/
Youtube: https://www.youtube.com/channel/UCznh5iRKs5OX6sMwOgdxPvA
Twitter: https://twitter.com/PierreMurray
Linkedin: https://www.linkedin.com/in/jean-pierre-murray-kline-717b3a99/

#southafricancybercrimesact
#sacybercrime
#southafricanpoliceservice
#ecrimes


Disclaimer:

  • While I attempt to ensure information is accurate and up-to-date at time of publication, I will not accept liability should information be used and found to be incorrect. If you do see an error, please let me know.
  • The links, images, videos and/or text from this article are not necessarily under my direct management, ownership or care. Should you be the owner or manager of any content herein, and wish for the content to be removed, please let me know and it will be done.