Published September 2021
What to do if you are hacked.
The e-safety of a business is not just a concern for the office nerds. Operational, legal, accounting: all departments can be affected, and therefore preparation to mitigate the risk and damage of cyberattacks falls on everyone’s shoulders.
If you believe your business is immune to this threat, you are wrong. Next to Climate Change, and at a global scale, E-Security is one of the greatest threats to our economy. The attack can come in all sorts of shapes and sizes, from hackings to ransomware, data breaches, e-manipulation and e-fraud. There are countless and ever-evolving types. A successful attack can take months to resolve. Recovering data, managing fallout, the legal ramifications, restoring your reputation and replacing equipment will be horrible thorns in your side.
Business is already so difficult, so why not give yourself a fighting chance by preparing an e-attack response plan?
This ‘plan’ does not need to be an entire book with chapters of jargon. In fact I recommend a simple document be prepared with concise and easy to understand points. Avoid unnecessary jargon, waffle and ambiguities. Anyone in your office who picks up this plan needs to be able to act on its notes.
The decision to be made now is: do you create this plan yourself or get professional help? There are consultants (such as myself) and 3rd party suppliers who offer the service. Let me give you some points to ponder on.
The industry refers to this plan as a Cybersecurity Incident Response Plan, or CIRP for short. This plan as a template can have around six or seven areas to focus on, but before I work through these, let me give some pre-points and tasks any business should be applying their mind to from the get go.
The unfortunate truth of the matter is no matter how much we do, there is no 100% guarantee to avoid an e-attack. Remember, an e-attack is a criminal act, and we need to plan for the worst and hope for the best.
Depending on the complexity of your business, and after using your own noggin (or after chatting to me) your plan will include some of the following points, but perhaps more.
1. Identification. This includes confirming the breach criteria, working out the incident scope. Tackle the questions on when, who and how?
What has actually been compromised, and what other areas, systems and operations are now exposed and vulnerable? Do not forget clients, suppliers and 3rd parties.
If required, please bring in an e-forensic team as soon as possible, especially if e-money or online transactions form part of the catastrophe.
Get interviewing people involved and document as much as you can.
Try and work out the overall intent and objective of the e-attack.
2. Containment. Work out if you are dealing with an active (ongoing) or passive (has happened) situation.
Go to town on an e-lock down, which can include quarantining infected computers, unplugging devices, isolating gadgets, changing passwords and access authorities / permissions.
Remember, during an e-attack, the e-intruder rarely gains immediate and full access to all your gadgets or the intended final e-target, so think smart and make life very hard for them.
Ponder on what can be done to stop further damage. How can you save data and allow operations to continue?
3. Reporting. Computers and devices can have a number of record storage systems, and these can be used to collect evidence and data for reports. Just remember, malware will often attempt to cover its tracks after an attack so move quickly and get a nerd involved if required.
Depending on the nature of the e-attack, you have around 72 hours to report to law enforcement and applicable authorities. I encourage you to have a very quick chat with your lawyer (or another equally experienced professional) to ensure you are providing information that helps the situation without subjecting your business to more liabilities.
Here are some contacts to use:
If you are in South Africa, you need to report the issue to SAPS. Go to a police station or call CrimeStop on 0860010111. But don’t stop there, if you are dealing with e-financial issues, also contact the Anti-Corruption and Fraud Hotline (SARS) on 0800002870. Then, visit these two websites:
These sites are often updated, so always review and then pursue suggested avenues they propose.
If you become aware that the e-attack involves international shenanigans, you might want to consider visiting these sites and taking further steps:
It is important you report the incident in a timely manner. Sharing what you are aware of related to the e-attack + what action you have taken so far + actions you intend to still consider taking, will in general help your situation.
Reporting does not end with law enforcement. You need to notify affected or potentially at-risk clients, staff, suppliers and 3rd parties. Again, do this after a quick chat with your lawyer. If client, supplier or staff data has been breached and you fail to act, you can be subjected to major fines or even imprisonment in terms of POPI if you are found to have been negligent.
Open a channel of communication which is able to deal with legalities, risks, concerns and other mitigating factors for clients, suppliers and staff.
4. Eradication. This step really does need the support of your tech nerds. The team needs to attend to the root / source of the breach, then remove the offending data / programs / artefacts / malware.
Do not ‘eradicate’ evidence!
5. Recovery. Again this step needs the nerds, but if the situation turns out to be about an e-ransom, you need to involve a professional to deal with the negotiation.
If possible, roll back and restore data and programs to a date you know things were safe. Regardless, check that the ‘vulnerability’ is not reinstalled and if there was an open door for the criminal, make sure this is patched and closed before you go back ‘online’.
6. Assessment. Points 1-5 help mitigate damage and show care for those affected. It will now be time to call the management and operations team together to assess the e-attack and create a formal response to the situation going forward. This needs to include an in-depth assessment of damages caused and what further mitigation needs to take place. Do not neglect a thorough investigation into the attack and offending parties. Make sure this is well documented and even done impartially by a 3rd party.
Every lesson learnt must be implemented so your business becomes more robust for the future.
7. Act. The final and biggest step left is to manage client and supplier relationships in a genuine and exemplary manner. Authenticity, honesty, good intent must be the themes of every act.
Aim that all affected parties reach a formal resolution. Get signatures so liability loops are closed.
Follow up with law enforcement to try and get the case resolved. This will require extra work.
Take legal and criminal action against the perpetrators. Unfortunately, this might include staff members or suppliers.
Process insurance claims if you have any available.
Update your ‘plan’.
To end, here are a few final nuggets.
*** That’s a wrap! Remember to share.
About Jean-Pierre Murray-Kline
He is a Business and Environmental Technologist. An entrepreneur who runs several online businesses. He is a published Author who researches, consults and facilitates strategy sessions about the most important matters affecting our generation and the changes to technology, business and the environment. Services include:
Future Thinker. Innovator. Change Expert. Industry 4.0 & IoT Specialist. Green & Sustainable Solutions. Digital Marketing, Security, Devices & Trends. Author, Consultant, Project Manager & Scenario Planner.
Facebook: (100k Followers): https://www.facebook.com/jeanpierremurrayklineSA/