Steps to Take After Experiencing a Cyber-attack

Computer Screen viewed through glasses showing coding to hep protect against cyber attacks

When a cyber-attack occurs, how your organisation responds can make all the difference in mitigating the damages. In particular, time is of the essence. That’s why it’s vital for your organisation to have an effective cyber-incident response plan in place that specifically addresses key actions to implement immediately following an attack.

During these initial hours, your organisation’s response can help foster business continuity, protect stakeholders, limit legal repercussions and ultimately put a stop to the incident as quickly as possible. Taking steps to quickly contain a cyber-attack or data breach can provide significant financial benefits.

In order to minimise the lasting damage that can often accompany a cyber-attack, employers should consider taking the following steps immediately after an incident occurs:

  • Start documenting the incident—As soon as an organisation finds out that a cyber-attack is taking place, it should begin documenting what it knows. This should include when and how the attack was discovered, the technology or data impacted by the attack, and any other supporting evidence regarding the event. This documentation should be updated as more information becomes available.
  • Alert key personnel—Members of an organisation’s cyber-incident response team should be briefed and alerted. This may include IT leaders, crisis communication experts, and legal professionals. These individuals should then begin carrying out their designated roles and responsibilities as outlined in the organisation’s cyber-incident response plan. Inform additional employees if necessary.
  • Secure all workplace technology—Take any possible steps to secure servers and devices. Take any impacted technology offline, but do not turn devices off, as there could be important evidence available. Launch any backup systems or data required to perform key operations and ensure business continuity (if applicable).
  • Seek further assistance—Consult a forensic team or law enforcement to begin an in-depth investigation into the cyber-attack. Reach out to insurance brokers to begin the claim process and receive further assistance.
  • Inform appropriate parties—Develop a plan with crisis communication experts and legal professionals to share relevant details of the incident with organisational stakeholders, shareholders and government agencies (if necessary).

The NCSC’s New Tool to Report Scam Websites

The public is being recruited to help the National Cyber Security Centre (NCSC) in its fight against cyber-criminals. The NCSC has created a new tool that will allow people to report websites that may be scams.

Cyber-criminals who operate fake websites may attempt to use them to download viruses onto a device or steal passwords.  The NCSC’s new tool requests that members of the public provide the following information:

1. A link to the website in question
2. Information regarding how a person first encountered the website
3. Any other relevant information

After receiving a person’s report, the NCSC will then analyse the website. If it’s found to be malicious, a notice may be issued to the hosting provider for the site to be removed.

The new service will bolster the NCSC’s efforts to combat online scams. Last year, the centre created the Suspicious Email Reporting Service, which allows members of the public to forward suspicious emails to report@phishing.gov.uk.

For more information on scam websites and cyber-security, contact us today.