Have you been a victim of a cyber-attack?
More and more companies are falling victim to cyber-attacks. Technology is essential in practically all businesses, so we are forced to have greater control over what enters and leaves our network, whether malicious or not. Cyber-attacks are the order of the day and can take many forms, from theft of information for subsequent sale on the deep web to the interruption of company production.
SMEs have become one of the favorite targets of cybercriminals due to their limited resources in cybersecurity, the consequences of these attacks have a high cost that most of these companies cannot afford and end up closing(Link). In this article we discuss the steps to follow if you have been the victim of a cyberattack and we will summarize the roadmap required in this type of situation.
How to act in the event of a cyberattack
The first thing to bear in mind is that no element connected to the network can be 100% secure, but we can make every effort to make it as difficult as possible for cybercriminals to operate.
1. DETECT AND ASSESS THREATS
First of all, it is crucial to detect the cyberattack as soon as possible, to know where it is coming from and what dimension it can reach. We can do this through an IDSan intrusion and suspicious activity detection tool within the network.
Key questions to detect it:
- Which documents are affected?
- Are there inaccessible platforms?
- Have passwords been changed?
- Have new applications or services been installed without authorization?
- Which users or accounts show suspicious activity?
3. DOCUMENTING THE EVENT
It is essential to document everything we know about this event, where the threat came from, how it was detected and by whom, what assets it impacted and above all, what we have done to contain the attack.
This document can be used for future incidents and threats, as well as to correct the vulnerabilities that made the attack possible. Documentation is an ongoing process until the entire performance is closed.
5. LEARNING AND AWARENESS
Once we have everything under control, we must reflect on what happened and analyze the documentation prepared in order to improve it and develop a more effective protocol for future attacks.
In addition, it is especially important to raise awareness and train employees in cybersecurity issues.
2. CONTAIN THE ATTACK
Now that we have identified it and know where to locate it, we must proceed to contain the affected elements. This helps us to focus on the solution while preventing the attack from spreading to more assets.
It will probably be necessary to change passwords and disable credentials, block access to the wifi network and shut down all compromised systems. And most importantly, contact security experts who can guide us through the entire recovery process.
4. COMMUNICATE WHAT HAPPENED
Transparency is essential for the company to maintain the trust of customers and employees, in addition, it is mandatory to inform the Data Protection Agency that we have suffered a cyberattack, we have a margin of 72 hours to let them know.
On the other hand, we must warn both company employees and customers so that they know what has happened and the possible threats they may face as a result, phishing, vishing and smishing, among others.
Additional Resources
If you are interested in improving the security of your company and do not know where to start, INCIBE (National Institute of Cybersecurity) provides guides focused on learning for entrepreneurs and resources that facilitate the management of cybersecurity for companies.
AceleraPyme also has many resources for companies that may interest you if you want to protect your business.
If you are curious about the number of cyber-attacks that can occur, you can access this map which shows where and from where these cyber-attacks are occurring in real time.
Want to check your company's cybersecurity?
Contact us for a cybersecurity audit. If you are an SME, you can apply for the Activa Cybersecurity grant.
