Whether you are a one-man operation or a great many in number, every business is potentially at risk of a security breach. Small businesses are, in many ways, more vulnerable to attack than large corporations, as hackers know that the budgetary constraints of a smaller company make it less likely to invest in decent security technology.

Even if you have taken steps to secure your information, nothing is completely foolproof. If you have detected that your business has suffered a security breach, here are some immediate steps to take to minimise your losses, and to help you get back into operation as soon as possible.


1. Contact the professionals

If you already have a relationship with an information security company, great. If you don’t, then now is the time to get in touch. Professional companies are equipped to respond to your situation and help you minimise your losses.

2. Do not reboot

Restarting machines or systems can destroy evidence held in memory and hamper the recovery process, so do not be tempted to do this if you become aware of an intruder in the system.

3. Make notes on paper

Don’t start trying to track down the intruder yourself – leave this to the professionals. What you can do, however, is to make notes of what you noticed, what you did about it and the precise time and date. Not only will this help your security company deal with the threat, it could become valuable evidence in any legal proceedings that follow later.

4. Notify management, and anyone else who needs to know

Don’t send an email around about the situation, as this could alert the intruder to your discovery. Instead, call the people that need to know about the situation, but try to do this as calmly and discreetly as possible. The last thing you need is a mass panic and work grinding to a halt because somebody’s tripped the alarm.

5. Appoint a PR person

Give someone the task of fielding enquiries from the press or general public, just in case the situation gets leaked outside the company. Sometimes a perceived ‘incident’ turns out to not be an incident at all, but simply a misconfiguration somewhere in your network. The last thing you want is media attention before you even know what’s happening.

6. Let your information security company do their job

When you call in the professionals, they will be able to download information and conduct network forensics to find out who breached the system and when, giving you a better chance of recovery and prosecution. Avoid hassling them with questions about when they will be done or what they’ve found, and give them the space to get on with their job.

7. Learn from your mistakes

Once everything is back up and running, it is important to dissect what happened and learn from your mistake(s). Your information security company will be able to help with this in many ways, but, most importantly, it will be up to you to take appropriate steps to avoid this happening again in the future.

In the days and months following a breach, it is important to monitor your accounts and information very closely to detect any further unusual activity early on. Your accounts and information could have been compromised when your security was breached, so stay alert to any out-of-the-ordinary activity to minimise any ongoing impact.

About the Author: This article is written by Ben Williams