Responding to a Cyberattack - What to Do When You Get Hacked: A Small Business Guide

Silviu STAHIE

January 17, 2025


All businesses should operate under the assumption that a cybersecurity incident can occur at any moment. This stance also prepares them for the immediate aftermath; knowing what to do after a cyberattack is crucial when time is of the essence. 

One of the biggest problems facing cybersecurity today is the belief on the part of the individual or company that it will not happen to them. The idea of getting lost in the crowd is very appealing – it’s a key reason people are caught completely by surprise, unaware of what to do next. 

Large companies have systems in place, including response plans that cover the aftermath of a cyberattack, but small companies sometimes don’t deploy organization-wide protection and don’t consider online threats as a real problem. 

“Why would they go after me?” is a question that has led to the downfall of many organizations, and it is only matched in its potential damage by another common question: “What do we do now?” 

Types of attacks and the desired response

While ransomware attacks attract a lot of attention in the media, they are not the only ones threatening companies worldwide. They have direct and destructive effects, but they shouldn’t be the only focus when building and deploying cybersecurity in a company. 

Phishing attacks

Not surprisingly, phishing is one of the most common attacks. Both people and companies face it on a daily basis. 

In many situations, phishing attacks that slip past security measures can still be stopped by training people to recognize them right away. However, some messages can trick even the most cautious employees.

Attackers often try to persuade people in an organization to share their credentials willingly, click on links, or open attachments. Each action can lead to secondary attacks, which is why criminals often prefer phishing as a point of entry.

If such an incident occurs, the company has a few courses of action at its disposal:

  • Immediately change any compromised credentials
  • Inform all employees of the breach to avoid further damage and make sure that everyone has new and unique credentials
  • Review email logs to identify other potential victims
  • Improve email filtering and deploy more comprehensive employee training so the incident can also be used as a teaching opportunity
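The log review step can be scripted. The following is an added example, not part of the original article: starting from one reported phishing message, it searches a message-trace export for everyone else who received the same sender, sender domain, or subject, including internally forwarded copies. The CSV column names, addresses, and sample rows are constructed assumptions; map them to the fields your mail system exports.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample of a mail-gateway message-trace export. The column
# names are assumptions; map them to whatever your mail system exports.
SAMPLE_TRACE = """\
received,sender,recipient,subject,status
2025-01-14T08:02:11Z,billing@invoices-example.test,ana@corp.example,Overdue invoice 4471,Delivered
2025-01-14T08:02:13Z,billing@invoices-example.test,dan@corp.example,Overdue invoice 4471,Quarantined
2025-01-14T08:05:40Z,accounts@invoices-example.test,mia@corp.example,FW: Overdue invoice 4471,Delivered
2025-01-14T09:15:02Z,newsletter@vendor.example,ana@corp.example,January product news,Delivered
2025-01-14T09:30:27Z,ana@corp.example,leo@corp.example,Fwd: overdue invoice 4471,Delivered
"""

PREFIX = re.compile(r"^\s*((re|fw|fwd)\s*:\s*)+", re.IGNORECASE)

def norm_subject(subject):
    """Drop reply/forward prefixes and case so forwarded copies still match."""
    return PREFIX.sub("", subject).strip().lower()

def find_other_recipients(trace_csv, reported_sender, reported_subject):
    """Return {recipient: {"reasons": set, "delivered": bool}} for every
    message sharing the reported sender, sender domain, or subject."""
    sender = reported_sender.lower()
    domain = sender.rsplit("@", 1)[-1]
    subject = norm_subject(reported_subject)
    hits = defaultdict(lambda: {"reasons": set(), "delivered": False})
    for row in csv.DictReader(io.StringIO(trace_csv)):
        row_sender = row["sender"].strip().lower()
        reasons = set()
        if row_sender == sender:
            reasons.add("sender")
        elif row_sender.rsplit("@", 1)[-1] == domain:
            reasons.add("sender-domain")
        if norm_subject(row["subject"]) == subject:
            reasons.add("subject")
        if reasons:
            entry = hits[row["recipient"].strip().lower()]
            entry["reasons"] |= reasons
            entry["delivered"] |= row["status"].strip().lower() == "delivered"
    return dict(hits)

def reset_priority(hits):
    """Recipients who actually got the message in their inbox come first."""
    return sorted(hits, key=lambda r: (not hits[r]["delivered"], r))
```

Recipients whose copy was delivered go to the top of the credential-reset list; quarantined copies still show who was targeted.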

Ransomware

Ransomware attacks can be devastating for large companies, so imagine what they would do to smaller ones. In such cases, attackers will likely steal every bit of private data they can and eventually lock out the systems, demanding payment for decryption keys. They will also use the stolen information to blackmail the company into paying.

An employee falling for a phishing attack and opening an attachment is a common way to compromise the system, and maybe the entire network. 

Companies have a few courses of action that should always be considered:

  • Isolate infected systems to prevent the spread of ransomware as much as possible
  • Contact police and cybersecurity experts. They will help you determine what was stolen and what the point of entry was
  • Avoid paying the ransom because there’s no guarantee the attackers will provide the keys or that the keys will even work
  • Restore data from secure backups if possible
  • Strengthen backup and recovery processes, and consider getting cyber insurance

Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) Attacks

DDoS attacks have a clear goal: overloading a system or network with traffic and making it unavailable to the outside world. They can also be used to deploy more complex attacks.

Customers’ inability to place orders, receive invoices, and communicate with the company is almost as bad as a ransomware attack, so companies need to know what to do if they face such problems:

  • Companies should know in advance who to work with at their ISP to block malicious traffic if needed
  • Organizations, especially those running public-facing online services, should employ DDoS mitigation resources to analyze attacks and recover, if necessary
  • In the event of DDoS attacks, it’s also essential to review server configurations to prevent future overloads
  • It’s a good practice to monitor traffic patterns for anomalies so that DDoS attacks don’t take the company by surprise
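Monitoring traffic patterns for anomalies can start with the web server's own access log. The following is an added example, not part of the original article: it buckets Common Log Format lines into requests per minute and flags any minute that far exceeds the median of the preceding minutes. The window, factor, and floor values are assumptions to tune against your own traffic, and the sample log is constructed.

```python
import re
import statistics
from collections import Counter
from datetime import datetime, timedelta

# Timestamp field of a Common Log Format line, e.g. [14/Jan/2025:10:03:59 +0000]
TS = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}):\d{2} [+-]\d{4}\]")

def per_minute_counts(lines):
    """Bucket access-log lines into requests per minute, in time order.
    Minutes with no requests do not appear in the result."""
    counts = Counter()
    for line in lines:
        m = TS.search(line)
        if m:
            counts[datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M")] += 1
    return sorted(counts.items())

def flag_spikes(series, window=5, factor=4.0, floor=20):
    """Flag minutes whose count exceeds factor x the median of the previous
    `window` minutes. `floor` stops quiet periods from producing alerts."""
    alerts = []
    for i in range(window, len(series)):
        baseline = statistics.median(c for _, c in series[i - window:i])
        minute, count = series[i]
        if count >= floor and count > factor * max(baseline, 1):
            alerts.append((minute, count, baseline))
    return alerts

def constructed_log():
    """Constructed sample: about 10 req/min, with one 120-request burst."""
    start = datetime(2025, 1, 14, 10, 0)
    lines = []
    for minute, n in enumerate([10, 12, 9, 11, 10, 13, 10, 11, 120, 11]):
        stamp = (start + timedelta(minutes=minute)).strftime("%d/%b/%Y:%H:%M:00 +0000")
        lines += [f'198.51.100.{i % 250} - - [{stamp}] "GET / HTTP/1.1" 200 512'
                  for i in range(n)]
    return lines
```

Using the median rather than the mean keeps a single burst from inflating the baseline for the minutes that follow it.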

Data breaches and insider threats

We usually hear about data breaches when attackers compromise systems and steal critical information, but data can also be breached when people make mistakes and misconfigure online services and servers. 

It also pays to be aware of insider threats: people inside the company who may have malicious intentions or who carry out unintentional actions that harm the organization.

Here are a few necessary steps when any of these scenarios happens:

  • Companies need to notify affected parties promptly as required by law
  • Investigate and patch vulnerabilities exploited during the breach
  • Work with legal counsel and compliance officers
  • Enhance encryption and access controls
  • Revoke access privileges for involved individuals
  • Provide training on data handling policies

Supply Chain Attacks 

While not as flashy as some of the other cybersecurity incidents, supply chain attacks are dangerous because they are usually designed to stay under the radar. They typically happen when a third-party vendor is compromised and that vector is used to infiltrate another company.

For example, the company might use a certain type of software to which attackers have gained access. A new update arrives for that software, and the company deploys it, not knowing they’ve provided attackers with a backdoor. 

When something like this happens, a few steps are obligatory: 

  • The company needs to notify the vendor and other customers immediately
  • Verifying and patching systems to eliminate backdoors is crucial
  • Reevaluate vendor relationships and audit their security
  • Enhance vendor risk management practices

Conclusion

These are just some of the most likely scenarios a company will face, and it doesn’t help to think that it won’t happen to you. Any damage caused by such attacks will always be more costly than any investment in security solutions. Knowing the right thing to do after a cyberattack is just as important.

Bitdefender Ultimate Small Business Security is an extended version of our consumer-friendly security suite that covers every attack scenario, protecting your firm’s precious assets before the bad guys set foot in your network. Best of all, it can be administered by anyone in your company – no IT skill set required. Visit our website to see Bitdefender Ultimate Small Business Security in action.

Author


Silviu STAHIE

Silviu is a seasoned writer who has followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.
