What to do if your business is affected by a cyber-attack?
According to the Australian Small Business and Family Enterprise Ombudsman, cybercrime is costing the Australian economy more than $1 billion each year.
Even in 2017, 22% of small businesses that were breached by ransomware attacks were so affected they could not continue operating.
This is a staggering statistic, especially when some businesses rely solely on pre-packaged antivirus software to protect their business’ data.
No business is too small to worry about cybersecurity: an attack could result in your data or your customers’ data being compromised.
1. Immediately stop further infection
When you suspect an attack has occurred, or a computer has been compromised by an attack, you need to stop the infection from spreading.
You can do this by quarantining that computer or device by removing it from the network. Pull out the network cable from the computer or turn off the device’s wireless connection to ensure access is cut off.
The damage could already be done but at least you’ve minimised the chance of further attacks.
2. Eliminate the threat
This action needs to occur as soon as an attack or breach has occurred. Depending on your business’ IT setup and infrastructure, contact your IT administrator and notify them of the situation at hand. They will be best suited to eliminate the attack vector and determine if it is still within the network perimeter.
From there, they should be able to determine how the attack occurred and subsequently what information was breached.
Breaches should be reported to your internal staff immediately, with details of how they happened. From here, you need to take steps to further identify the behaviour that caused the incident and keep the machine or device quarantined until advised by a professional.
You can also report cyber incidents through the Australian Government channels below. Doing so will alert authorities to the incident so that its effects can be minimised and investigated, and an attempt to catch the attacker can be made. These channels also provide advice to help people recognise and avoid common types of cybercrime:
• Computer Emergency Response Team (CERT) https://www.cert.gov.au/
• Australian Cybercrime Online Reporting Network (ACORN) https://www.acorn.gov.au
However, depending on your business, your customers and the type of data breached, you may need to do some further reporting.
From 22 February, all businesses with a turnover greater than $3 million which have a significant data breach are required to inform all concerned parties, and to inform the Office of the Australian Information Commissioner. In the event of unauthorised access, disclosure or loss of personal information that could be seriously compromising to the person or people it relates to, it must be reported via https://www.oaic.gov.au/
At this point, it is recommended to consult a lawyer and your IT provider for assistance. If you don’t have sophisticated event logging systems overseeing your network, then this process will be time-consuming and costly. You will need to go through this exercise, as the changes to the Privacy Act mandate that not only do you have to report the breach to the OAIC but, if it is likely to cause harm, you also need to issue a public statement.
4. Assess the damage and recover your data
This step is crucial for determining the depth of the breach’s effect on your business and your ability to recover, and it affects the likelihood of future breaches.
When a breach does occur, most businesses don’t have the measures in place to recover lost or compromised data because they haven’t taken the time to plan for the repercussions of a potential breach.
The best way to ensure you can recover data is to take consistent and timely backups. Restoring recent backups can allow you to recover lost or compromised files and damaged systems. However, conducting the backups is only half the job done. You need to test the quality of the backups stored, in case they too are corrupted.
5. Review your processes
You need to review the incident internally, determine how it happened and what reasonable steps to take to ensure it doesn’t happen again.
Some of these steps can be relatively easy to complete. For example, they can include (but are not limited to):
- Backup regularly
- Patch applications and run security updates and scans
- Protect devices and accounts with complex, time-limited passwords and multi-factor authentication
- Protect systems by controlling which applications can run and limiting administrative accounts
According to the Australian Cyber Security Centre, the Essential Eight mitigation strategies, as a baseline, include:
- application whitelisting – to control the execution of unauthorised software
- patching applications – to remediate known security vulnerabilities
- configuring Microsoft Office macro settings – to block untrusted macros
- application hardening – to protect against vulnerable functionality
- restricting administrative privileges – to limit powerful access to systems
- patching operating systems – to remediate known security vulnerabilities
- multi-factor authentication – to protect against risky activities
- daily backups – to maintain the availability of critical data.
It is recommended to talk to your IT provider to choose a SIEM (security information and event management) solution, which can further add to your business’ cybersecurity.
With legislation that increases the liability of small businesses in the event of a data breach, you need to know what to do when a data breach happens. Small business in Australia is the target of 43% of all cybercrimes and we need to be prepared.