I’ve been a victim of a cyber attack. Now what?
In recent years, it has become increasingly common to hear about cyber attacks. Some companies, including Vodafone and SIC, have had their computer systems affected by cyber attacks. What if it happened to your company? Would you know what to do? In this article, we’ll explain this and much more.
What are cyber attacks?
Cyber attacks, or computer attacks, are attempts by a hacker to access a network or networked system anonymously, with the aim of damaging or destroying it in order to obtain personal data or a financial advantage. To find out in detail what the main threats to your company’s cybersecurity are and how to identify them, you can read our blog article on cybersecurity.
How can you ensure your company’s IT security?
There are various methods you can use to ensure your company’s IT security, the most recommended of which are:
- Awareness of the basics of computer security;
- An intelligent firewall;
- A VPN;
- A backup system.
What should you do in the event of a cyber attack?
It’s important to have a contingency plan to follow in case one of your devices is affected by a cyber attack. Here’s how to proceed:
- First of all, identify the affected device and isolate it, since an attack can spread through your network;
- Notify your IT team so that they can implement the necessary technical procedures to deal with the attack;
- Determine the type of attack. This will help you understand the hacker’s next steps, how the attack could spread through the device and how it can be removed;
- Inform employees that there has been a security breach at the company, explain what this means and outline protective measures;
- Change your login details. Even though the hackers have already accessed your network and can now move in and delete backups, it’s important to change your login credentials so that they don’t prevent you from trying to recover your data.
- If your company processes personal data (GDPR), you must inform the National Data Protection Commission within 72 hours. If you don’t, the company will be subject to fines ranging from 4% of annual turnover to 20 million euros in very serious cases, or half the amount in less serious cases.
- In the event of a ransomware attack, do not pay. The National Crime Agency recommends not paying the ransom, as doing so may encourage hackers to repeat the process, creating a vicious cycle.
- When the attack is over, it is important to update your security systems to prevent hackers from exploiting vulnerabilities in older versions of the software.
- Lastly, use your backups to recover your information. This is why it is always so important to keep up-to-date backups of important files in order to recover your data quickly.
After you notify the National Data Protection Commission, an inspection will be carried out and an investigation conducted to determine whether the company had a secure information structure, whether its data privacy protocols comply with the rules, and whether there is a backup of the data whose location can be determined precisely. Failure to comply with these security measures will result in fines and, in serious cases, companies may be forced to stop processing personal data.
Sisgarbe will help you keep your company safe. Get in touch and start protecting all your data today.