
How to Prepare for a Cyberattack

Three Steps to Take When Your Company Does Get Hacked. After a record year of breaches, two cybersecurity experts share tips on securing the “crown jewels” of your business


Was your company hacked in the last year? If not, consider yourself lucky.

It’s not a question of if, experts say, but when you’ll get hacked.

Cybercrime is up exponentially, driven in part by the pandemic shift to remote work and employees using their own devices to access company networks or, alternatively, adopting work devices for personal use.

According to a year-end report from cybersecurity services provider Flashpoint, 4,146 global data breaches were reported from January 1, 2022, to November 30, 2022. About a third of those, 31.8 percent, targeted U.S.-based companies.

And while we hear a lot about the hacks at large companies and organizations, small and mid-sized companies tend to be even more vulnerable to cyberattacks.

“I often see smaller companies that say I’m small enough that hackers wouldn’t care about me,” says Frank Shultz, chairman and CEO of business resilience solutions firm Infinite Blue. “That’s just simply untrue. I don’t care what size business you are–everyone these days is a target.”

And according to Tiffany Kleemann, Clients & Markets Leader for Cyber & Strategic Risk at Deloitte, smaller companies that experience hacks can face an existential threat. Take ransomware for example, a type of cybercrime in which an attacker encrypts a victim’s data and demands a ransom from the victim to restore access to the data. A smaller company without the cash flow to meet a hacker’s demands could be sunk.

Prevention starts with awareness

Kleemann says that “job one” for every company looking to safeguard from cybercrime should be to conduct a cyber risk assessment. A cyber risk assessment is a process for evaluating the potential risks to an organization’s technology infrastructure, business processes, and security controls to identify vulnerabilities and the potential impact of a hack or data breach. Kleemann likens the process to identifying your company’s “crown jewels,” and then formulating specific plans for how to safeguard those valuable assets.

Also vitally important is training your employees to identify attempts from external actors to break into your internal systems. These attempts often come in the form of phishing scams, in which someone attempts to obtain sensitive information, such as passwords and credit card numbers, by posing as a trustworthy entity via electronic communication. These days, Kleemann says, cybersecurity consultants are going a step further than hosting classes on phishing scams; they’re sending fake phishing emails to employees as a low-stakes way of testing their abilities to recognize threats.

Damage control steps

But what if it’s too late? What should you do when you check your website and suddenly, instead of your homepage, you see a message demanding that you pay for the ability to regain control of your business? That’s where Shultz, of Infinite Blue, comes in. Shultz has vast experience helping companies to pick up the pieces after a hack, and he shared three key tips with Inc. readers.

1. Trust your gut

If you have any suspicion that an intruder has breached your network, trust your gut and immediately take all communications with your employees to a separate, secure network that isn’t being monitored (examples include Signal and Wire). Shultz says that he’s seen hacks in which the infiltrators impersonate an employee in the company’s Slack channel, and then are able to watch along while the company formulates a plan to counter the hack. Shultz adds that businesses should consider adopting a codeword to let employees know that there’s been a breach and to switch to the secure messaging service.

2. Get insurance

Shultz also says that companies of all sizes should consider getting cybersecurity insurance, which he claims can be a lifesaver if you have no other option but to pay out a ransom. This type of insurance is just emerging, so look for policies that include access to teams that help to negotiate with the hackers, and help craft communications about the hack to employees and customers.

3. Know your IP

The best thing you can do is to be prepared and ready to take action quickly: figure out which of your assets would be the most painful to lose, and invest heavily to keep those assets secure.

One thing that both Shultz and Kleemann agreed on? The prospect of your company being hacked isn’t a possibility–it’s an inevitability. For context, though, Shultz says there’s only so much any company can do by way of prevention. “You can surround the Hope Diamond with lasers and bulletproof glass,” he says. “But if Tom Cruise wants to rappel through the ceiling and steal it, he’s probably gonna find a way to get it.”

(INC)

Copyright Notice: It is allowed to download the content only by providing a link to the page of our portal from which the content was downloaded. The views expressed in this text are those of the authors and do not necessarily reflect the editorial policies of The Balkantimes Press.
