‘It won’t happen to me or my business’. We’ve all likely thought it. But what if it does happen? What if your organisation is breached? With human error being the main cause of cyber breaches, here’s what you should do if you or your organisation falls victim…
Firstly, if you are aware a breach is happening or has happened, tell someone immediately. Tell your manager, boss, CEO, and make sure you tell your IT team/support service. Even if you discover a breach happened weeks prior, you need to tell someone to prevent further damage.
Once you are aware of the breach, you must then assess the situation and determine whether you need to shut out the attacker. You may need to take systems offline to minimise damage.
The next step is to reset all the passwords that you possibly can. If an employee’s password was stolen or hacked, you’ll want this changed as soon as possible to prevent further attacks.
Once you have resolved the situation, now is the time for review. How did it happen? Why did it happen? It’s not a case of finding someone to blame, but an opportunity to learn and implement defences to stop it from happening again.
Of course, we’d recommend taking as much action as possible before you get breached. Use Cyber Essentials to bring your network up to a good standard of security. And if you want to take this further, gain your Cyber Essentials Plus. You could also put your business through ISO 27001 to show how seriously you are taking data security.
You must also train your team. Every employee, from junior staff to senior management, needs cyber security training. This can be regular in-house training or short videos and online courses. Everyone learns in different ways. We provide Security Awareness Training through our partnership with Mimecast.
Always remember that breaches don’t just happen due to ‘technical errors’. Human error always plays a significant role in successful attacks.
What is Phishing?
Phishing is a form of cybercrime which targets victims by email, SMS or telephone. Criminals will pose as legitimate organisations to trick you into revealing sensitive data, such as bank details or passwords. This then results in identity theft or financial loss.
What is Ransomware?
Ransomware is a type of malicious software designed to prevent you from accessing your files, databases, and applications until a demand is met; this is typically a payment to the attacker.
What is Zero Trust?
Zero trust is a strategic approach used by organisations. It combines employee attitudes with the security policies put in place, encouraging employees to validate every action they take.