by Rob Pooley

Solutions Director


How to recover from a cyber attack

More companies are falling victim to cyberattacks as a wide range of harmful software, social engineering schemes and scams threaten to compromise the personal information and online safety of their clients. With cybercrime rates on the increase every year, it is important for businesses of all sizes to have a recovery plan in place to mitigate any losses.

In the unfortunate event of a data breach, these are the steps you should take to recover.

Identify and contain the problem

On average, companies do not know about data breaches or cyberattacks until at least 200 days after they have occurred. As soon as you become aware of a security incident, the first step is to identify and contain the problem.

Having all of the correct facts will go a long way towards formulating an effective response plan, and will better inform your communications with customers. When identifying a data breach, ensure that you document the following:

  • When it took place
  • How it will affect customers
  • What assets were affected
  • Who the victims are
  • The type of attack

To contain and remove the issue, your IT department should be ready to spring into action. To ensure that they are prepared for such a task, any business owner should hire a cybersecurity specialist or send their IT staff for cybersecurity training. They should be prepared to:

  • Separate sensitive data from the network. If banking and login information is not encrypted, encrypt it now.
  • Reset all affected logins. All parties affected by the cyberattack should have their login details changed, and the new passwords should be secure: they should contain uppercase letters, lowercase letters, symbols and numbers. Saepio recommend using two-factor authentication to tighten up security and simplify password management.
  • Reinstall affected files. Any programs that have been affected by the attack should be uninstalled and reinstalled so that the infection cannot spread.
  • Disconnect affected hosts. Once a host has been disconnected, it is no longer available and can no longer be subjected to the cyberattack.
  • Apply security patches if necessary. Patches are software designed to update programs or operating systems, fixing vulnerabilities and other bugs that could compromise your online security.
  • Remove all files installed by the attack. After they have been isolated, your IT analysts will investigate them to gain a better understanding of the attack, potentially identify the attacker and identify any security vulnerabilities.

Inform your customers promptly

Companies do not have a good history of responding to cyberattacks in a timely manner. While they react quickly by containing the breach, it is often months before they address the general public and even those affected by the incident.

The mobile phone operator TalkTalk was criticised for waiting to inform customers of its data breach in 2015, and things haven’t improved over the years. In 2016, Yahoo took five months to respond to customers who had their data stolen. It is this kind of behaviour that causes companies to lose customers and even sets them up to face class-action lawsuits. In fact, TalkTalk lost 101,000 customers as a direct result of its data breach. EU legislation is promoting change on this front through significant financial penalties when detailed breach reports are not publicly reported soon after an incident.

The solution is to act quickly and ensure that you have a response plan ready long before any cybercrime has occurred. Liaise with your PR and Marketing departments to prepare communications that you can issue in the event of a data breach. These should include information about compensation and outline any steps that you’re taking to prevent future security incidents, such as implementing new cybersecurity protocols. When the time comes to distribute this information, your IT team will be involved to fill in the specific details.

A good example of an effective cybercrime response is Home Depot. In 2014, the company faced a data breach that compromised the banking information of its customers. Its PR team took to social media right away, informing customers that staff were looking into the issue and working with law enforcement. While organisations that experience data breaches usually lose customers and face financial challenges, Home Depot actually saw a 5.7 percent increase in net sales during the following quarter. A proactive approach to communication has a positive effect on the fallout.

Prevent future breaches

In the event of a data breach, it is important that you have the right professionals on board to help your business recover. Enlisting the help of cybersecurity experts like Saepio can help you save considerable sums as your company aims to contain a data breach and respond to the affected parties.

  • Appoint a Chief Information Security Officer or ‘Virtual CISO’. This staff member is responsible for developing and implementing a program that protects all communications, systems and assets from all types of security threats.
  • Involve a Business Community Manager. This professional is responsible for your brand’s image in the online world. They will handle online communications with customers and press, and they play a key role in crisis management.
  • Compile an Incident Response team. It is their job to react to any cybersecurity threats or incidents in a timely manner. They will analyse the incident in order to identify, contain and eradicate the issue. This team should include professionals from various departments like business managers, IT staff, legal representatives and human resources employees.

Tighten up your defence

The best defence is a good offence, so companies should be proactive in preventing cyberattacks from occurring in the first place. Since 66 percent of data breaches are caused by employee negligence, business owners should take measures so that there are no insider threats. As such, all staff members should be trained in the best practices for cybersecurity.

Being prepared and acting quickly are vital to helping your company recover from a cyberattack as effectively as possible. Your customers will appreciate that you’ve taken action promptly to protect them, which goes a long way to maintaining a successful and profitable business in light of a data breach.
