I know I’ve mentioned this before, actually many times, but cyberattacks have been getting worse year after year. Especially hard-hit has been anyone remotely related to healthcare. And while I’d strongly suggest that anyone concerned about their business security should definitely consider a third-party network security assessment, there are a lot of organizations that simply wait until it’s too late.
Let me be clear—I would much rather help a business out and give them a few pointers on how to improve their security measures rather than help them pick up the pieces afterward.
But when an attack strikes—wiping down your network (email, spreadsheets, databases, you name it)—more than half don’t have a plan on how to respond, making it harder and longer to recover from a ransomware attack or major data breach.
Cyberattacks today are more than just a technical problem. They are whole-business issues, affecting every single person on your team. Either they can’t get any work done because their files are locked down or they won’t get their paycheck on time because accounting is locked out of their reports.
Bottom line: cyberattacks directly target the heart and soul of your business. No getting around it.
Today, cyberattacks are no longer an ‘if’ situation. They are becoming a case of ‘when’. When will one strike? Will we be prepared? The days of “we’re too small” or “we’re not their target” are long gone. In the event a cyberattack strikes, is your organization prepared?
To help you start wrapping your mind around cyberattack recovery, here are 6 essentials to include in your response plan.
Mobilize your response team—a response to a cyberattack or data breach should include a plan that has clearly defined a team whose job it is to recover your business from the attack. Note: here, I am referring to a cyber response, but for the sake of your business continuity you will want to make sure that response team is able and ready for any natural disaster or crisis.
Make sure you include all relevant stakeholders in your organization—including HR and employee representatives—to help pinpoint where the breach or incident started, any intellectual or sensitive information compromised, what data was impacted and where your team would be able to recover that information from backups, and whether there is any need to communicate the breach to the public or to your clients.
All of these questions should be identified ahead of time and every person responsible should be trained to account for their part of the response (make sure that your response team practices a response at minimum annually).
In general, the people you will want to consider for that team are: HR, Operations, Legal (or some external counsel), and a cyber insurance company (make sure you have your cyber insurance buttoned up, too).
Secure systems—the first key step from the technical side of things is to secure IT systems. You want to make sure that the breach or attack is contained and prevent further spread of the infection.
This may mean that you will have to isolate or suspend a compromised portion of your network temporarily. Make sure your team understands the risks involved with disconnecting parts of your network. This is where having a solid business continuity plan that you regularly test comes in really handy.
Conduct a thorough investigation—getting all the facts when investigating a breach or attack is critical to understanding the type of remediation needed to clean your network of any aftermath. You will need to have decided who will take the lead on this and get any necessary employee involvement to best document your situation.
Often, investigations will include forensic analyses and cybersecurity expert sign-offs that an attack was completely remediated and thoroughly investigated before vendors (for example, EHR vendors) will allow you to reconnect to their servers.
Manage your public relations response—if you incurred a cyberattack, you likely will have to notify clients. But you also will want to consider how you explain your situation to the public at large.
Realize that eventually people are going to learn of your cyberattack (and news like this will spread like wildfire). Many public relations experts who deal with cyber incidents recommend getting ahead of the news cycle on your cyber event and tailoring your talking points and announcements to control the dialogue (this is especially important if you will have to ultimately report the incident as a breach to a regulatory agency).
Address any regulatory requirements—some laws will apply to everyone, but depending on your industry you may have to prove due diligence in remediating the attack and that you had proactively addressed any security concerns with updated policies and changes to procedures.
Incur liability—unfortunately no matter how much planning you put into your cyber incident response, liability of some sort or another is inevitable. And much of the time, if you haven’t fulfilled your obligations in your cyber insurance contract (or if you have misrepresented the state of your cybersecurity in your requirements for your cyber insurance policy), you may be forced to shell out big bucks to recover from an attack.
Recent cybersecurity cases have amounted to millions of dollars—even for relatively small organizations.
Some additional advice?
Incident responses are NOT fun. If not done right, you may jeopardize your entire business and your staff’s livelihood. Most cybersecurity experts strongly suggest that businesses—no matter your size—get a second opinion on network security to make sure you’re on the right track.
Not sure you have an incident response plan? Uncertain that your network could withstand a cyberattack? Consider a free network security assessment.