The steps you take after a breach can either increase or reduce the impact. Not having a cyber security response plan can lead to you paying much higher costs due to a delayed reaction.

IBM Security estimates that the global average cost for a data breach is €4.43 million. But organisations with a tested incident response plan can reduce that by €2.71 million, a savings of 39%.

Below sets out the vital steps that your organisation should take immediately following the discovery of a data breach, ransomware incident, or another attack. Putting these into an incident response plan can save you millions in costs should your office suffer an attack.

1. Disconnect Infected Devices from Your Network

Many types of malware are designed to spread throughout a network as fast as possible. This is especially true for ransomware, which locks users out of their files through the use of encryption. 

As soon as you discover that a breach has occurred, you should disconnect the infected device(s) from your network to try to contain the spread. This includes disconnecting the device from Wi-Fi and any hardwired ethernet connections and other systems including syncing cloud services.

You don’t necessarily want to shut off the device’s power until you have spoken to an IT professional. 

2. Have a Professional Assess the Damage

Don’t try to deal with a cyber breach yourself. Unfortunately, people can make things worse if they do things like try to go online to download some free virus scanning tool (that could actually be a malware trap).

Instead, once your machine has been isolated, contact a trusted IT Security Expert that can come and assess the damage and provide guidance. We have expertise and years of experience dealing with all types of data breaches and malware infections. This allows us to assess the issue and formulate a remediation strategy as fast as possible.

3. Remediate the Infection 

Remediation of the infection is next. You don’t want more of your client files being stolen while you’re dealing with the fallout. Once the breach is assessed, your IT Security Expert will begin remediating the breach to secure your network.

4. Determine Whether Client Data Was Breached

Find out what type of data was compromised. Did the attacker gain access to a client database with names, addresses, phone numbers, client files or personal information.

This is not usually a pleasant task to determine the extent of the breach, all information held is sensitive so it's important to identify and notify impacted clients or third parties.

5. Contact Law Enforcement

Not every business will contact law enforcement when hit with a data breach, even though they wouldn’t think twice about doing so if this was a physical break-in. But data breaches are break-ins as well, so they should be reported.

Reporting the incident has a few benefits:

• You have a record of the incident for any potential insurance claims.
• ·You can track the breach, which may connect to others that have been reported.
• Your report can be referred to in data privacy compliance reports and shows responsibility on the part of your organisation.

6. Carry Out a Notification Plan According to Data Privacy Requirements

You will need to review the data privacy regulations that your organisation is subject to, such as GDPR, and make notifications to third parties according to their guidelines. If notification isn’t made in a timely manner, it can lead to penalties, as well as a significant loss of trust in your business by those you need to contact.

7. Improve Defences to Stop Future Breaches

Once, you’ve handled the most time-sensitive steps above, next, you will want to reinforce your defences to ensure this type of attack doesn’t happen again. A good way to do this is by having a cyber security assessment performed. A cyber security assessment can include penetration testing, which helps an IT Security Expert pinpoint specific weaknesses in your network that need to be fortified.

Want to learn how HLB can help protect your business? Visit our Cyber Security solutions page here.