We hope you’ll never need this one, but what should you do if you think your business has been hacked? Read on to learn more.
What are the signs that you’ve been hacked?
If you have an IT company who are running hourly scans, they should be able to pick up on any problems before they actually become problems.
However, if you don’t have that there are some things you can look out for:
- Receiving a higher number of ‘dodgy’ emails with attachments than usual – this can mean you’re being targeted, and you should make sure no-one has downloaded anything they shouldn’t have
- An unusual increase in DNS traffic can indicate your servers have been compromised
- User accounts exhibiting out-of-the-ordinary could indicate that unauthorized third parties have gained access
As always, prevention is better than cure so have a read of our recent post 4 reasons you should be bumping backups to the top of your to-do list <link>
You’ve noticed suspicious activity, now what?
If you notice a problem but you’re not entirely sure what’s wrong, contact an IT Support company ASAP. If you don’t have an IT company and there’s going to be a bit of a wait for support, you won’t do any harm by turning off all of your systems until you’re able to speak to someone about what’s happened. This will stop whatever it is spreading through your network, and will buy your IT provider some time when it comes to isolating the hack.
Make sure staff are up to speed
Depending on your industry, a breach could be absolutely devastating to your reputation so it’s really important that everyone knows what’s happening and how to handle calls with customers to give a consistent message. That aside, it can also be quite scary for everyone, so making sure the whole team are kept up to date with what’s going on can help quell any rumours and rising panic.
Has someone gained access to customer data?
When you know a bit more about what has happened, if it becomes clear that an unauthorized third party has had access to customer data, you need to report a data breach to the ICO under GDPR rules. If you try to cover it up and someone else reports it before you do, you could end up with a hefty fine – and you really don’t want to compound your problems.
Find out how it started
Once your IT provider has got you back up and running, if you don’t already know where the vulnerability was it’s a really good idea to find out how the hacker gained access to your system. Was it human error with someone downloading a dodgy PDF from an email or entering login details into a fake website? Did hackers guess passwords using a brute force attack? Or is there another way into your system.
Identifying what exactly happened is really important to make sure something similar doesn’t happen in the future. This might mean more training for staff, a new password creation policy with passwords which are harder for hacking software to guess, or new security software to stop people exploiting a system vulnerability.
The sad truth for us, is that although we can talk about preventative measures until we’re blue in the face, often people don’t think about taking preventative measures until at least some amount of damage has been done. If you don’t have backups or a disaster recovery plan, or you have those things but they haven’t been reviewed in a number of years, please get in touch – we’d much rather help you with prevention than see you fall victim to cybercrime!
Give us a call on 01732 617788 or drop us an email to [email protected].