What Is Your Cybersecurity Incident Response Plan?
The initial reaction when you suspect your computer or network has been compromised is to panic. However, if your network has been breached, what you do next can make the difference between the incident being a minor inconvenience and being a devastating disaster that brings legal trouble and huge fines and halts your ability to do business. With this article, you’ll learn the foundational steps to a cybersecurity incident response plan!
In today’s article, we’ve consulted our cybersecurity experts on the top signs of an affected computer and the five steps you need to take as soon as you notice your network has been compromised to prevent as much irreversible damage as possible. If you don’t currently utilize a cybersecurity incident response plan, this is a good place to start.
Signs Of An Issue
According to IBM’s latest cybersecurity report, the average data breach goes 277 days before it’s noticed and reported. This time frame sounds crazy considering that attacks using malware, viruses, keylogging tools and more can cause a considerable amount of damage very quickly, but most users miss the warning signs and don’t realize they’re under attack until irreversible damage has occurred.
Several of the biggest indicators of an issue can be mistaken for a slow or outdated computer or operating system. If you experience any of these issues, it’s a good idea to contact your IT team. If it’s an attack, they’ll know the proper steps to take (your cybersecurity incident response plan), and if it’s not, they’ll be able to update your system or replace your device to improve performance. Here are a few key signs your computer could be infected:
- Slow computer or network performance
- Frequent freezes or sudden crashes
- Rapid pop-ups
- Locked user accounts
- Sudden and unexpected file changes
- Abnormal system behavior, such as the device continuing to run after a shutdown
- Unusual account activity
What To Do Next
If you’re experiencing any of these issues, the next steps you take are important; consider this the beginning of your cybersecurity incident response plan. Here is what our team of experts recommends:
1. Take the network offline to isolate the incident, but DO NOT turn off the device or reboot it.
When a device isn’t working the way it should, the go-to move is to hit Restart. In many scenarios, that maneuver can work; however, if malware is involved, this simple act can make the situation worse. In some circumstances, rebooting your device can restart a file-encryption process that had crashed, which can cause unrecoverable data loss. Disconnect your device from the network but allow it to remain on as you move through the next steps.
2. Call your IT team IMMEDIATELY.
It’s important to contain the breach before it infects the rest of your network or causes any more damage. Your IT team will be able to investigate the issue to determine what went wrong and what the impact was and mitigate the breach quickly. Do not try to fix this on your own. Attempting to run a “system cleanup” or your antivirus software will waste time and could cause more damage. Call in the experts.
3. Call your attorney.
There are several reasons to call your attorney, and doing so should be a step in any cybersecurity incident response plan. Depending on the size of the breach, your attorney may refer you to outside legal counsel with privacy and data security expertise who can advise you on the federal and state laws that may be implicated by the data breach.
4. Change passwords and secure all accounts.
As the IT team is working on containing the breach, you’ll want to change your passwords to protect any of your other accounts that may not have been affected yet. Hopefully you have multifactor authentication enabled and will be notified if someone tries to access your account, but if not, begin working through your accounts to secure them, starting with ones that contain financial information like credit card numbers, Social Security numbers and more.
5. Check your bank accounts.
Nearly all cyber-attacks are financially motivated, making bank accounts the primary target. As the breach is being mitigated, check your bank accounts and payment processing tools, including third-party merchant accounts and employee payroll systems, for any anomalies or sudden changes.
If you’re hit by a cyber-attack, there will be a list of other steps to take, like implementing a PR communications plan, notifying appropriate parties such as law enforcement and more, all of which are a part of an overarching cybersecurity incident response plan. The most important thing you can do if a data breach occurs is to isolate the incident and hand it over to a qualified cybersecurity professional as soon as possible. Time matters in these situations.
If you need a reliable, trustworthy cybersecurity team to monitor your business and help you strategically implement a robust cybersecurity incident response plan, start with a FREE Cyber Security Risk Assessment. These assessments are designed to thoroughly examine your network to pinpoint any vulnerabilities and map out a plan to fix them. It is much more cost-effective to prevent a cyber-attack than to fix one, so book your assessment today by going to https://www.itsupportri.com/quote/ or calling 401-522-5200.