Companies that fall victim to a cyberattack have a strong possibility of being attacked again, because cybercriminals expect the company to have not taken the proper precautions and left the same vulnerabilities that allowed the initial cyberattacks to happen. Therefore, it is important to know exactly what to do after a cyber-attack or data breach.
“Organizations that do not take the opportunity to apply lessons learned and better prepare for their next encounter with an adversary may well experience attacks that result in additional data loss, ransom demands, extortion or other losses monetary charges that require expensive legal fees, response services and perhaps even a future business interruption“, reads the report from Crowdstrike Services Cyber Front Lines.
It is important to point out that, until the origin and dimension of the cyberattack is understood, the communication that passes to the outside must be moderated, avoiding immediately talking about a breach of security.
But after all, what to do if your company suffers a cyberattack?
1 - Problem verification/investigation
It is essential to understand the source of the attack, identify the affected systems and the consequences of this situation. A specialist forensic team should be involved to initiate the investigation process.
2 - Problem Communication
Problem communication should be done in two phases. In a first stage, at an internal level, that is, we must inform the company's employees and, in a second stage, if the incident results in a breach of personal data, the company must notify the supervisory authority without undue delay and, at the latest, , within 72 hours after becoming aware of the violation, in addition to which you will also have to inform customers, suppliers and, if necessary, the general public, through a press release, for example.
3 - Data Protection/Prevention
What measures should be taken to resolve the breach of security or minimize the impact of the breach on data subjects?
The organization must be able to regularly assess its level of internal security, through audits, define and implement security policies and make its employees aware of the issue of information security. It is also important that they adopt stronger passwords and multiple-factor authentication and that regularly carry out penetration tests to find out where vulnerabilities are on the network and whether intrusions can be detected.
Strongstep has a set of cybersecurity experts ready to ensure your company's success in improvement and certification activities. Contact our team.
Find out how we can contribute to the security of your organization by offering training and certification in our
areas of operation.