When a cyberattack occurs, how your organization responds can make all the difference in mitigating the damage. In particular, time is of the essence. Therefore, it is important for your organization to have an effective IT incident response plan that specifically addresses key actions to be taken in the first 24 hours after an attack.
During these first hours, your organization's response can help promote business continuity, protect stakeholders, limit legal consequences, and ultimately stop the incident as quickly as possible. In addition, acting quickly to contain the attack can provide significant economic benefits. According to a recent report from the Ponemon Institute, organizations that could resolve a cyberattack in less than 30 days saved over $ 1
To minimize lasting damage that can often accompany a cyber attack, here is an overview of important tasks to perform in the first 24 hours after an attack is detected in your organization:
- Start documenting the incident. As soon as you find out that a cyber attack is going on, start documenting what you know. This information should include when and how the attack was detected, the technology or data affected by the attack, and any other supporting evidence of the incident. Keep updating this documentation as you learn more about the event.
- Alert key personnel. Be sure to gather members of your organization's IT incident response team and alert them to the attack. This may include IT executives, crisis communications experts, legal advisors and your insurance adviser. These individuals should then begin to perform their designated roles and responsibilities as described in the cyber incident plan. Inform additional employees about the attack on a need-to-know basis.
- Secure all workplace technology. Do what you can to secure all organization servers and devices, and stop further data loss or destruction. Take all affected technology offline, but do not turn it off, as it may provide important evidence during the attack investigation. Bring up any backup systems or data required to perform key operations and ensure continuity (if applicable).
- Seek further help. Consult your organization's forensic team and, depending on the severity of the incident, local law enforcement to begin conducting an in-depth investigation of the attack and help identify the perpetrators. Contact your insurance company to start the claims process and get further help.
- Inform appropriate parties. Based on the guidance of your crisis communication experts and legal advisors, develop a plan to effectively share the key details of the attack with organizational stakeholders, shareholders and authorities (if needed).
We can help you recover from a cyber attack
We understand the negative effects a cyber attack can have on your business; we have seen firsthand how it affects customers. We also know which insurance companies offer the broadest insurance coverage to help you recover from a breach.
But we do not stop there.
The best place to start is with your own internal operations, the security measures you have in place and the checks that are carried out to ward off an attack. To learn more about how we can help you, download our e-book on cyber and data breach liability, or if you need insurance coverage now, simply Request a suggestion and we'll start right away.