The chances of falling victim to a cyber attack are pretty high. In fact, last year, 4 in 10 businesses and a quarter of charities reported cyber security breaches or attacks.
1 in 5 of these victims lost money, data or other assets as a result of the cyber attack.
As the sophistication of cyber attacks increases year on year, so too does their success. If your business doesn’t already have a comprehensive cyber security solution, then the time to act is definitely now. However, if your business does fall victim to a cyber attack, you need to know what to do next.
What are the most common cyber attacks businesses fall victim to?
Ransomware
As the name suggests, a ransomware attack uses malware to gain access and control over the files and data a business holds. The hacker then demands a ransom in return for their restored access. In most cases, the ransom is financial, but can sometimes be for valuable information or data. Time is usually against the victim to pay the ransom and of course, the return of their files is never guaranteed.
DDOS
Distributed Denial of Service is a malicious attack on a server, network, or service to disrupt traffic. These attacks are usually a means to overwhelm firewalls in preparation for a bigger attack.
Man-in-the-middle
This method is basically like eavesdropping, and there are many ways cyber criminals use it. By intercepting emails between colleagues, they can access sensitive information and valuable data. Or, by intercepting a login process, they can access the victim’s credentials for an account or IT system. With the right cyber security in place, such as encryption, multifactor authentication, and cyber security awareness among your team, attacks like this can be avoided.
Password attack
Phishing attacks are a popular way for cyber criminals to steal password details. The attacker will contact their victim by email, message, or phone call, posing as a representative from a recognisable and trustworthy organisation such as their bank, and ask for their login credentials as a security check (the irony!). Alternatively, cyber criminals will simply try brute force with a programme designed to try millions of passwords per second until they crack yours.
A 5-character password containing numbers and upper- and lower-case letters can be cracked in just 3 seconds.
What to do if your business falls victim to a cyber attack
If your business falls victim to a cyber attack or some sort of breach, there are 6 steps you need to take:
Step 1: Tell your IT provider
Your IT provider should be your first port of call as they will stop the spread of the damage.
Step 2: Survey the damage
It’s important to understand which machines and systems have been affected so you can ascertain the method of the attack and the impact on your business-critical functions.
Step 3: Damage limitation
When businesses fall victim to a cyber attack, actions need to be taken to limit the spread. This can include isolating parts of your network and blocking or re-routing traffic. This may be achievable in-house but if you’re unsure, you need to seek assistance from a cyber security specialist.
Step 4: Note the details
Record everything; compromised accounts, affected systems, the level of damage, and data from system logs. You’ll need it for your next steps.
Step 5: Notify stakeholders
In the event of a data breach, you must notify those affected as soon as possible. If the attack breaches GDPR, reporting it to the right people within 72 hours can help reduce applicable penalties. You then need to report the attack to Action Fraud – this applies to all cyber attacks.
Step 6: Debrief
Although by this stage you want to brush the whole event under the carpet and move on, it’s important to learn from the experience. Lightning can strike twice and it’s important you give your business the best chance of avoiding being hit again or responding even better the next time, should there be one. Review the documentation you collated at stage 4 of this process, identify any mistakes which lead to the attack being successful, and consider training for staff and consultation from cyber security experts.
We can help prevent you from falling victim to a cyber attack
At Jupiter IT, we’re about more than just fixing IT issues, we’re cyber security specialists and give our clients valuable consultancy to make their business as secure as possible.
That’s why we offer free cyber security workshops for our clients and their teams and carry out regular cyber security audits as standard.
To find out more, drop us a line – we’re waiting to share our expertise with you.
