EZ MSP Blog
Before You Act on a Hack, Know the Extent of the Breach
Getting hacked is a scary occurrence. It’s a major reason why you have security measures put into place. You try to avoid it as much as you can, but getting outsmarted by hackers happens to the best of us. The good news is that as long as you approach your hacking incident in a reasonable way, you can limit the amount of damage that’s done to your infrastructure.
Before you do anything else, it’s important to remain calm and not to make any rash decisions concerning your systems, like going public with your hack immediately following the breach. Before informing those who were affected, you need to know who actually was affected. This includes determining how deep the breach has gone, how much data was stolen or destroyed, and whether or not there are still underlying issues within your IT infrastructure, waiting to resurface.
Understand the Full Scope of the Attack
Before jumping to conclusions, begin by assessing what exactly happened to your IT systems. Was it a data breach, and if so, how did the intruders get in? Did they infiltrate through a spam email, or did they brute force their way into your network? Was it the cause of user error, or the result of a neglected vulnerability in your software solutions? These are all important questions that need to be asked, and you need to know the full impact of the hacking attack before anything can be done about it.
Check Which Data, If Any, Was Stolen
The next part of handling a data breach is checking what data was affected by it. Did the hacker make off with any valuable information, like Social Security numbers, credit card numbers, account usernames, passwords, or other credentials? If you know which files have been accessed, you’ll have a good grasp on the extent of the damage. However, if health records have been compromised, you might be more trouble than you’d care to admit.
Give Your IT Department Room to Clean Up the Mess
Your business needs to conduct a full investigation into the hacking attack, and take preventative measures to ensure that the system has been completely purged of the threat. This includes having an environment available for work while your IT is busy containing the problem and resolving it as quickly as possible. This also includes having the resources available to do so; your budget should be ready to deal with hacks whenever possible.
Find the Real Issue
Sometimes smaller hacking attacks are used as distractions to the real problem. For example, a virus that infects a PC could simply be a distraction to hide a trojan, which may allow the hacker to later access your network. If this happens, any attempts to clean up your systems might be rendered useless, especially if you haven’t found the trojan. You could just be inviting another hacking attack, which is counterproductive and costly.
Keep in mind, sometimes your business might not be the target, but instead just unfortunate enough to be a victim. Phishing attacks, malware, and other threats travel virally, spreading between contacts and getting picked up on unsafe websites by users.
Know Your Compliance Liability
Depending on the types of files that have been exposed to hackers, you might have a full-fledged violation of compliance laws on your hands. This can lead to expensive fines that can break your budget. Knowing where you stand on compliance, as well as what’s involved for reporting it, is a crucial step in handling a data breach.
EZ MSP can help your business handle any potential data breach, and our trusted IT professionals can assist with implementing new solutions to prevent future breaches. To learn more, give us a call at (914) 595-2250.