What to Do Once You’ve Been Hacked

Last month, our CEO Brian Brammeier presented on hacking and what to do once you have been hacked. For a copy of this informative presentation in its entirety, click here.

Some of the key takeaways from this presentation are:

How do you know if you’ve been hacked?

Understanding the various types of hackers and their goals will help you to better understand how you could become the victim of a hack. Certain businesses, such as law firms, are becoming prime targets for hackers looking for sensitive data that is inadequately protected.

What are the most common types of hacks?

Hacking in its most basic form is privilege escalation: making the computer or device do something you are not supposed to be doing. Other techniques include keylogger attacks, denial of service (DoS/DDoS), fake WAPs (wireless access points), eavesdropping, phishing, viruses such as Trojans, clickjacking attacks, cookie theft, bait and switch, and attacks by an employee.

What steps should you follow once you’ve been hacked?

Do you have a Hack Action Plan? Train your staff to follow a step-by-step Hack Action Plan to identify an attack and to get back to business as usual as quickly as possible. These are the steps to implement in the event of a hack:

Step 1: Confirm the attack and check if your computers or networks have been compromised. Start by looking at your log files. Skilled hackers can cover their tracks and delete log files, so the logs may not tell the whole story; you may instead notice your system behaving abnormally, find malicious files on your computer, or receive an extortion attempt.

Step 2: Contain the attack. When investigating security breaches, valuable “volatile data” is lost when systems are powered down, including RAM contents and active network connections. Consult a security expert to fully understand the options and ramifications when determining your initial response. Having backups is critical at this step.

Step 3: Understand and investigate the attack. You will need to find out how deep hackers penetrated your systems and networks and what was accessed, stolen or destroyed. It is also important to send your log files offsite.

Step 4: Report the attack. Depending upon the type of breach and level of risk, you may need to report the attack to the FBI. Money laundering, extortion or other forms of financial fraud must be reported immediately to the local authorities.

Step 5: Determine the cause. You must pinpoint how the attacker first penetrated your network. It is critical to find out if the hackers can still access your systems while you’re initiating recovery.

Step 6: Do you need to communicate the attack? Determine how you will communicate with affected employees, vendors, customers, and partners, detailing the extent of the hack. Depending on the type of business you operate and the information that was compromised, you may be legally obligated to detail the hack to those affected.

Step 7: Remediation. Develop a Business Continuity Plan (BCP) for increasing your IT security so you can identify and defend against future attacks.

Step 8: Proactive security protection. There is a quantifiable advantage and improved ROI on IT security budgets if you develop a plan for monitoring, investigating, and remediating. Prevention will come down to people, processes and technology all working together to keep you safe.
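Steps 1 and 3 both depend on log files: an intruder may delete local entries, which is why a copy should be kept offsite. The following is an added example, not part of the original presentation, showing how an offsite copy exposes deleted local entries and how unusually quiet periods in a log can be flagged. The log lines, the timestamp format and the 10-minute threshold are constructed assumptions.

```python
"""Compare a local log with its offsite copy and flag silent periods."""
from collections import Counter
from datetime import datetime, timedelta

TS_FORMAT = "%Y-%m-%dT%H:%M:%S"  # assumed: every line starts with this timestamp


def removed_locally(offsite_lines, local_lines):
    """Return lines held offsite that are missing (deleted or altered) locally."""
    remaining = Counter(line.rstrip("\n") for line in local_lines)
    missing = []
    for line in offsite_lines:
        key = line.rstrip("\n")
        if remaining[key] > 0:
            remaining[key] -= 1  # matched one local occurrence
        else:
            missing.append(line)
    return missing


def silent_gaps(lines, max_gap=timedelta(minutes=10)):
    """Return (start, end) pairs where consecutive entries are further apart than max_gap."""
    stamps = [datetime.strptime(line[:19], TS_FORMAT) for line in lines]
    return [(a, b) for a, b in zip(stamps, stamps[1:]) if b - a > max_gap]


# Constructed sample data: the offsite copy was shipped before the
# local file was edited to hide three entries.
OFFSITE = [
    "2024-01-01T02:00:01 sshd: Accepted password for backup from 10.0.0.5",
    "2024-01-01T02:05:10 sshd: Failed password for root from 203.0.113.7",
    "2024-01-01T02:05:14 sshd: Accepted password for root from 203.0.113.7",
    "2024-01-01T02:06:30 sudo: root : COMMAND=/usr/bin/tar czf /tmp/x.tgz /srv",
    "2024-01-01T02:12:00 cron: (root) CMD (run-parts /etc/cron.hourly)",
]
LOCAL = [OFFSITE[0], OFFSITE[4]]

if __name__ == "__main__":
    for line in removed_locally(OFFSITE, LOCAL):
        print("missing locally:", line)
    for start, end in silent_gaps(LOCAL):
        print(f"no local entries between {start} and {end}")
```

A gap alone is only a lead, since quiet periods can be legitimate; the comparison against the offsite copy is what confirms that entries were removed.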

How can you protect your business from hackers?

The best offense is a good defense. Be proactive in prioritizing network and system security. Make sure that you consistently keep log files and routinely back up everything that is pertinent to your business off-site with proper encryption. It is also a good idea to periodically perform vulnerability and penetration testing.

What if I can’t afford to adequately protect my business from hackers?

The reality is that you cannot afford to ignore this threat. Many businesses that ignore the need to strengthen their security find out the hard way that they simply cannot recover after a hack. They fail to anticipate the amount of downtime a hack can cause, and they also underestimate what a security breach can do to their reputation.