Steps to Take Immediately After a Cyber Breach

It’s a critical time to raise your awareness of cyberattacks. Recent history indicates a rise in the frequency of cyber breaches affecting businesses of every type and size. The unfortunate reality is your business is a potential target for hackers. As NJ Cyber Insurance specialists, we see examples of cyber breaches occurring at unlikely companies all too often.

Of course, you want to harden your defenses against cyberattacks, which is necessary. But you also need a solid plan for what to do immediately after a cyber breach. Use the six steps in this report to create an action plan for your business if it suffers a cyber breach.

Recommended Action Steps to Implement Immediately After a Data Breach

It’s human nature to hit the panic button when cyberattacks happen, but it’s imperative to stay calm even though it’s hard to do. That’s because a cyberattack is already a catastrophic situation, which means you need a clear mind to help you maintain a problem-solving attitude and to set the tone for your team to respond in an unemotional, logical, and organized way.

1.    Identify and Isolate the Affected Servers

Because it is essential information for assessing how the event occurred and who was responsible, it’s critical to preserve evidence after a data breach. Start quickly by identifying and isolating the compromised server to avoid affecting other devices.

Immediately take these steps to stop the spread of your data breach.

  • Disengage your network’s internet connection
  • Disable all remote access to your network
  • Require strong password changes systemwide
  • Update your system with pending security patches
  • Check that firewall settings are operational

Stay in touch with trusted sources observing the situation so you know how to proceed if your breach is part of a wide-scale attack. Determining the cause of the break-in will help to prevent similar future attacks.

Investigate who has access to the affected server, which network connections were active during the incident, and how the cyberattack happened. Review your email provider’s security logs and utilize any working intrusion detection systems to determine the breach’s origin.
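To support the evidence preservation this step calls for, the sketch below hashes copies of collected logs at collection time and later reports any copy that has changed or gone missing. It is an added example, not part of the original article; the file names, the responder label, and the function names are hypothetical.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large logs do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(paths, collected_by):
    """Record hash, size and collection time for each evidence file."""
    now = datetime.now(timezone.utc).isoformat()
    return [{"path": os.path.abspath(p), "sha256": sha256_file(p),
             "size": os.path.getsize(p), "collected_utc": now,
             "collected_by": collected_by} for p in paths]


def verify_manifest(manifest):
    """Return paths that are missing or no longer match the recorded hash."""
    changed = []
    for entry in manifest:
        p = entry["path"]
        if not os.path.exists(p) or sha256_file(p) != entry["sha256"]:
            changed.append(p)
    return changed


def demo():
    """Constructed sample: two fake log copies, one altered after collection."""
    workdir = tempfile.mkdtemp(prefix="evidence_")
    auth = os.path.join(workdir, "auth.log.copy")
    fw = os.path.join(workdir, "firewall.log.copy")
    with open(auth, "w") as fh:
        fh.write("constructed sample: login accepted for user1\n")
    with open(fw, "w") as fh:
        fh.write("constructed sample: outbound connection allowed\n")
    manifest = build_manifest([auth, fw], collected_by="responder-1")
    with open(fw, "a") as fh:  # simulate a post-collection change
        fh.write("extra line\n")
    return manifest, verify_manifest(manifest), fw


if __name__ == "__main__":
    manifest, changed, _ = demo()
    print(json.dumps(manifest, indent=2))
    print("changed since collection:", changed)
```

Store the manifest somewhere other than the affected server so it can be handed to investigators alongside the copies.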

2.    Implement Your Notification Tree

The groups you must notify immediately of your cyber breach are 1) employees, managers, and contractors, 2) your customers, 3) legal counsel, 4) your insurance agent and carrier, and 5) the authorities.

Inform your staff with details as soon as possible. Provide clear and accurate information for your team, including who has approval to communicate with whom. Keep your team in the loop as much as possible as you move to recover from the attack. Legal counsel can help to determine how to notify your customers adequately.

Informing customers is challenging, but you must be in touch with them after an attack. They deserve the right to protect themselves even if your business isn’t publicly sharing details about the cyber breach. Use your legal counsel to review your responsibilities and help with your legal and regulatory requirements as you engage your clients, vendors, and partners.

Your NJ Cyber Insurance policy has provisions to assist with your recovery from a data breach attack. Carriers have growing experience in helping their clients in the wake of a cyberattack, and as such, you should utilize their tools and expertise. It’s an excellent suggestion to review and update your cyber insurance coverage with your insurance agent annually. 

Authorities to contact include your local police department, the FBI Internet Crime Complaint Center (www.fbi.gov/investigate/cyber and www.ic3.gov), the Secret Service Electronic Crimes Task Force (www.secretservice.gov), the DHS US Computer Emergency Readiness Team (US-CERT) (www.us-cert.gov), and the FTC if your clients’ identity data is compromised (www.ftc.gov and www.identitytheft.gov).

3.    Don’t Pay Ransom Immediately

Avoid paying ransom to cybercriminals, at least initially. There are numerous after-effects you can’t control after paying a ransom. Hiring a cyber security consultancy to investigate and remediate the issues related to the attack is often a better long-term solution. That’s because you can’t trust hackers not to compromise your systems further now or in the future.

4.    Activate Your Response Team

One of the best proactive steps is to form a skilled and trained response team that quickly focuses on remediating damages caused by the cyber attack. The typical response team will tap your assigned IT members to investigate the attack and provide solutions to mitigate immediate and future problems. Involve Human Resources if employees were affected by the attack. Use your PR team to determine how to inform your clients of the attack. Include your legal counsel to ascertain your potential legal implications.

5.    Document and Remediate

The response team must document their processes and findings as they investigate the attack. The evidence about the vulnerability of a successful attack will help strengthen your cyber defenses in the future. Thorough documentation will help with addressing regulatory requirements and managing public relations.

Learning from mistakes is a key to avoiding future problems. Analyzing the attack is necessary to discover unpatched security vulnerabilities and develop effective security remedies to thwart future cyberattacks. In response to the shocking SolarWinds breach, FireEye released the Azure AD investigators tool on GitHub with the intent to help security administrators find artifacts that require additional analysis to understand their relevance to the attack.

6.    Hire Data Security Experts to Help Restore Data and Harden Systems

Should your business suffer a significant cyber breach, retaining information technology security professionals with expertise in security and data breach cleanups is advisable. Restoring a hacked security system on your own is potentially inefficient and inadequate without the aid of experienced security professionals. Order a third-party audit of your data network and systems.

You can always do more to protect your networks and data systems. Keeping vigilant and current on cyber security are your best defenses. Having the right professionals on your team helps you defend your business from cyber breaches and resolve the many issues that arise when they occur.

As NJ Cyber Insurance experts, the staff at the Dickstein Agency is eager to apply its extensive experience to provide you with all the protection a well-designed cyber insurance program offers. Please let us know how we can assist you.

About Dickstein Associates Agency

Dickstein Associates Agency has distinguished itself as a leading provider of personal and business insurance in the tri-state area since 1965. We pride ourselves on being advocates for our clients and providing them with quality and affordable coverages. As a Trusted Choice™ independent insurance agency, we partner with various national and regional carriers, allowing for flexible coverage for each client’s unique circumstances. For more information on how you can leverage all your insurance to work best for you, and how we can secure the best insurance in the marketplace suited to your specific needs and business objectives, contact us today at (800) 862-6662 or www.dicksteininsurance.com.
