HB Blog

Insights from the leadership at HB on technology and culture

So, You’ve Been Hacked…Now What?

on November 29, 2016

In a world of sophisticated cyber criminals, it’s not a question of if you’ll be hacked—it’s a question of when. While prevention is a major element in any cyber security strategy, that’s no longer enough. Today’s businesses need to implement a strategy for what to do after a hack.

Carry Out a Five-Step Plan 

Emergency response is crucial in harmful data hack situations. When attackers breach your IT team’s carefully constructed defenses, you’ll need a response lined up and ready to go. Here are five steps to ensure the safety of your data and your company: 

  1. Find out what was hacked. Get to the root of the issue to begin the recovery process. Use effective forensics to determine the cause of the breach and what data, if any, the hackers stole. Different types of hacks call for different emergency response maneuvers. A breach of sensitive customer information, for instance, requires a different protocol than company data.
  2. Bring in the right people. Depending on the type of breach, your company needs to bring in different people. For example, if the FBI sends out a warning of a breach in the corporate network, you may need to bring in legal officers or the executive board. Once you ascertain which data was vulnerable to the security breach, call in the correct back-up team.
  3. Communicate effectively. After a major cyber security breach, effective communication is vital. Inform your employees and involve the correct people to help. Also, communicate with external contacts, breaking the news to customers in an official media release or other method. If necessary, grant an interview with the press to discuss the breach and your plan for data recovery. Be honest, open, and sincere in your communications.
  4. Alert the authorities. Research your state’s laws regarding whom to notify of the breach. This may be a government agency or the data subjects. Check to see whether your breach is one of the types that qualify under certain U.S. federal laws. Alert the proper authorities about your breach to keep your company safe and within the law.
  5. Build a better defense. After a security breach, it’s necessary to size up your current security efforts and see where you have holes. Find out how the hackers breached your system, current vulnerabilities, and where your IT team went wrong. Solve the issue so the same type of breach doesn’t happen again, and take steps toward building a better defense.

Once you’ve completed these five steps, your brand will be on its way to recovery. The main goals of your emergency response IT team are to save your data and return to business as normal as soon as possible.

Take Control of the Situation

In the aftermath of a security breach, your focus should be on your customers. Ensure your messages to the public after a breach are calm, collected, and appropriate for the audience. Tailor your message for internal employees, business partners, clients, and the public. Prioritize your customers—clearly demonstrate the steps you are taking to clean up the breach and prevent another attack. The amount of preparation a business completes before a security breach can make a world of difference in the success of your incident response team.


Photo Credit: huppertzpowers Flickr via Compfight cc