When a cyber attack occurs, how your organization responds can make a big difference in mitigating the damage. In particular, time is of the essence. This is why it is important for your organization to have an effective cyber incident response plan in place that specifically addresses key actions to be taken within the first 24 hours after a cyber attack.
During these first hours, the organization's response can help promote business continuity, protect stakeholders, limit legal consequences, and finally stop the incident as quickly as possible. In addition, measures to quickly limit the attack can provide significant economic benefits. According to a new report from the Ponemon Institute, organizations that could solve a cyberattack in less than 30 days saved over $ 1
To minimize the permanent damage that can often accompany a cyber attack, here is an overview of important tasks to perform in the first 24 hours after an attack is detected in your organization:
- Start documenting the incident. As soon as you find out that a cyber attack is going on, start documenting what you know. This information should include when and how the attack was detected, the technology or data affected by the attack, and other supporting evidence of the incident. Keep updating this documentation as you learn more about the event.
- Warn important personnel. Be sure to gather the members of the organization's cyber incident response team and warn them about the attack. This can include IT managers, crisis communications experts, legal advisors and your insurance adviser. These individuals should then begin to perform their designated roles and responsibilities as described in the response response plan. Inform additional employees about the attack on a need to know.
- Secure all technology in the workplace. Do what you can to secure all organizational servers and devices, and stop further data loss or destruction. Take any affected technology offline, but do not turn it off, as it may provide important evidence during the attack investigation. Launch any backup system or data required to perform critical operations and ensure continuity (if applicable).
- Seek further help. Consult your organization's forensic team and, depending on the severity of the incident, local law enforcement to begin conducting an in-depth investigation of the attack and help identify the perpetrators. Contact your insurance company to start the claims process and get further help.
- Inform appropriate parties. Based on the guidance of your crisis communication experts and legal advisors, develop a plan to effectively share the key details of the attack with organizational stakeholders, shareholders and authorities (if needed).
We can help you recover from a cyberattack
We understand the negative effects that a cyberattack can have on your business, we have seen for ourselves how it affects customers. We also know which insurance companies offer the widest insurance coverage to help you recover from a break-in.
But we do not stay there.
The best place to start is with your own internal operations, the security measures you have taken and the checks carried out to ward off an attack. If you want to learn more about how we can help you, you can download our e-book on cyber and data intrusion liability or if you need to get insurance coverage now, simply Request a suggestion and we will start immediately.