Hopefully, you are reading this more as a preventative measure rather than a response. If you happen to become victim to a cyber-attack it can cause a magnitude of problems for your business.
It’s a sad fact that many small businesses don’t think that they will become victim to one of these types of attacks. The reality is that, due to an increased reliance on online technology, small businesses are often the main target.
Cyber-attacks can result in theft, lost profits, brand vandalism and even customer and payment details being leaked. Alongside the disruption this can cause, it also damages the trust that customers have in your company.
If you are unprepared, a cyber-attack can be devastating. Any business should have a plan in place to prevent any attempted attacks and, worst-case scenario, to recover from them.
Make sure you have a step-by-step plan.
A disaster recovery plan is a must for all businesses. Attackers primarily target small businesses as they often have no defences in place. Having a disaster recovery plan will help you get back on your feet if the worst-case scenario happens.
IBM has published support documents for businesses to help them implement such plans. These give examples on how to reduce disruptions to your normal operations, limit the damage, and minimise financial loss, as well as how to smoothly resume normal service.
Have some type of liability insurance
Most businesses don’t have cyber liability insurance. By having this insurance you can really help minimise the damage that a cyber-attack can cause. Some of the things coverage can include are:
- Investigation costs
- Cost of informing clients
- Legal fees including compensation
- Payment of fines if due
- Data restoration
Any of the above items are costly. Having liability insurance can give you peace of mind that your revenue won’t take a huge hit.
Address the core vulnerabilities
It goes without saying that the best way to avoid being attacked is to not be vulnerable in the first place. This sounds easy on the surface but can be difficult in practice.
It may be a good option to contact a security company to assess any potential backdoors into your system or general vulnerabilities. If you do experience a cyber-attack, it’s important to get your whole computer network analysed to pinpoint where the vulnerabilities originated.
Let your customers know
In the case of an attack, you will need to let your customers know. How you do this can vary, but you’ll want to be transparent through this process and reassure them that solid steps have been taken to avoid it happening again.
You may want to consult someone that can handle this press release for you. Experience in delivering this news is paramount as you want to try and retain the customers that have been affected. A PR firm would be a good option for this.
Inform the authorities
What has happened to you is a crime, so contact your local law enforcement as soon as possible. Some companies avoid this for as long as possible in case they are held accountable for shoddy security.
However, it is best to let the authorities know as soon as possible, you’ll have to go public eventually and any delay just reflects badly on your business. There may also be serious legal consequences of keeping silent and covering up the cyber-attack, especially when customer data is involved.
Hopefully, these tips give some insight into what to do after a cyber-attack and how to prevent another. Having preventative measures is a must, but also having a recovery plan will make the bitter pill of being a victim easier to swallow.