5 Steps to Recovery After Your Business Has Been Hacked
Burger King announced Monday that its corporate Twitter account had been hacked, and last week, Facebook alerted users that sophisticated hackers had installed malware on employee laptops. These security breaches are only the latest in a string of high-profile hacking attacks in 2013; other companies recently hit include The Wall Street Journal, The Washington Post and The New York Times.
It’s not just household names that are the targets of hackers, however: In a report released by Symantec, the maker of the Norton Anti-Virus software, 36% of the global targeted attacks in the first half of 2012 were directed against small businesses with 250 or fewer employees.
“Nowadays, every company with an Internet connection is a potential victim. Hackers used to focus just on high-value organizations, like financial corporations, but now the tools are so efficient and cheap that hackers can afford to attack anyone and everyone around the clock,” said Dr. Paul Judge, vice president and Chief Research Officer of Barracuda Networks, which offers IT support and data protection services.
“Even the smallest businesses now have to worry about network security and protection – when they didn’t have to worry so much only 5 years ago,” he said.
FOXBusiness.com spoke to four cyber-security experts to create a 5-step plan that will get you safely up and running again in no time if and when your business is compromised by a hacker.
No. 1: Identify Whether an Attack Has Occurred
Rob Lee, the Digital Forensics and Incident Response Lead at the SANS Institute (a leading information security training institute), says that identifying whether a hacking attack has occurred is incredibly challenging for most businesses. In fact, Lee referenced findings from cyber-security firm Mandiant that showed that it takes companies an average of 416 days from the initial attack to detect a security breach.
“To detect an attack, you must develop and maintain a basic awareness of the normal operations of your business,” says Martin Roesch, founder of Sourcefire, a high-end technology firm that combats hackers and malware. “Once you’re aware of how your network works, the applications people use and the amount of bandwidth they chew up, you’ll be able to spot anomalies that will help you identify an attack.”
Warning signs might include machines that are suddenly running slowly or crashing, strange network usage patterns, huge transfers of data to unknown destinations or visits from unfamiliar IP addresses (for instance, visits from Eastern European IP addresses when your business’s customers are all based in Texas).
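The baseline-then-compare approach described above can be sketched in a few lines. This is an added example, not part of the original article or any vendor's product; the flow records, host names and the three-standard-deviation threshold are constructed assumptions, and the addresses come from documentation ranges.

```python
import ipaddress
from statistics import mean, pstdev

# Constructed sample flow records: (day, internal_host, remote_ip, direction, bytes)
BASELINE = [
    (1, "pos-01", "198.51.100.10", "out", 120_000),
    (1, "web-01", "203.0.113.7", "in", 40_000),
    (2, "pos-01", "198.51.100.10", "out", 135_000),
    (2, "web-01", "203.0.113.9", "in", 38_000),
    (3, "pos-01", "198.51.100.10", "out", 110_000),
]
TODAY = [
    (4, "pos-01", "198.51.100.10", "out", 125_000),
    (4, "pos-01", "192.0.2.55", "out", 9_500_000),
    (4, "web-01", "203.0.113.8", "in", 41_000),
    (4, "web-01", "192.0.2.200", "in", 39_000),
]

def net24(ip):
    """Collapse an address to its /24 so neighbours of a known peer count as familiar."""
    return ipaddress.ip_network(f"{ip}/24", strict=False)

def build_baseline(records):
    """Learn familiar remote networks per direction and typical outbound volume per host."""
    known = {"in": set(), "out": set()}
    volumes = {}
    for _day, host, remote, direction, nbytes in records:
        known[direction].add(net24(remote))
        if direction == "out":
            volumes.setdefault(host, []).append(nbytes)
    # Assumed threshold: mean plus three standard deviations of past outbound flows.
    limits = {h: mean(v) + 3 * pstdev(v) for h, v in volumes.items()}
    return known, limits

def find_anomalies(records, known, limits):
    """Return (host, remote_ip, reason) for each flow that departs from the baseline."""
    alerts = []
    for _day, host, remote, direction, nbytes in records:
        unfamiliar = net24(remote) not in known[direction]
        # A host with no outbound history gets a limit of 0, so any upload is flagged.
        oversized = direction == "out" and nbytes > limits.get(host, 0)
        if unfamiliar and oversized:
            alerts.append((host, remote, "large transfer to unknown destination"))
        elif unfamiliar:
            alerts.append((host, remote, f"unfamiliar {direction}bound address"))
        elif oversized:
            alerts.append((host, remote, "unusual outbound volume"))
    return alerts

if __name__ == "__main__":
    print(find_anomalies(TODAY, *build_baseline(BASELINE)))
```

In practice the records would come from firewall or NetFlow logs, and the baseline window would cover weeks rather than three days.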
No. 2: Investigate the Scope of the Compromise
The next step is to figure out how many systems or machines have been affected by the compromise, says Roesch. Unless you have an information or cyber-security expert on staff, this would be a good time to call in a professional consultant, who will be able to identify the type of attack being utilized by the hacker, conduct a network and malware analysis, and figure out which systems and data files have been compromised.
A security expert will also be able to tell you whether the attack was mass-produced – something an employee might have picked up by browsing a compromised website – or whether it was a unique, targeted attack, which might suggest that the perpetrator was a competitor of some sort, says Dr. Judge.
No. 3: Contain the Attack
Once the scope of the compromise has been determined, says Lee, “all systems should be pulled offline simultaneously.” While the knee-jerk response might be to pull the plug on machines as soon as a compromise has been detected, waiting until a thorough investigation has been conducted will better serve you in figuring out how to protect your system from future attacks.
No. 4: Remediate and Repair Systems to Prevent Future Attacks
After pulling your systems offline, you can reinstall programs from master discs. Then, using the information you’ve learned about the breach, says Hemanshu Nigam, founder of SSP Blue, a safety, security and privacy firm, “you can close the gaps in your systems, so it doesn’t happen again.”
A big part of the remediation process is changing your employees’ behavior; Nigam identifies employees as a small business’s weakest security points. “By quickly clicking into emails from strange senders or accessing infected sites, employees can lead to a security breach,” says Nigam.
Dr. Judge recommends using web app firewalls, which can shield your website from attacks, and web filtering services, which will protect your employees from compromised websites that they might visit on work devices.
No. 5: Communicate Breaches Effectively
“The reality is that many companies get hacked at some point,” says Dr. Judge, “and communication with the customer base is critical.” Nigam agrees that customers should be informed to the extent possible, which will actually help build trust between your business and clients, as long as you effectively communicate that you are making all efforts to prevent another attack.
Depending on what type of data has been compromised, you may also have a legal obligation to inform your consumers. This is most likely the case if personal information or financial data has been breached in any way; individual laws differ from state to state. A list of the forty-six state security breach notification laws can be found here.