You’ve Been Hacked?

Yes, it can happen. It’s almost inevitable. So what can you do to prepare for the discovery that your systems have been successfully compromised? What plans should you have in place for communicating with law enforcement? Do you collect financial information from your customers? If you do, you must have a plan in place for notifying them of a breach.

What do we do first?

Here’s what you don’t do: don’t unplug or shut down the compromised system!

The typical first reaction in the discovery that a system has been compromised is to disconnect it from the rest of the network or shut it down completely. Don’t give in to that initial reaction. Unplugging or shutting down can erase important forensic information.

So… the first step is to call in an expert.

Right now – before you have such a situation – do yourself a favor. Find a local company that specializes in forensic investigations. Check them out, and have their number ready. Why?  You will want your own independent investigator.

Local law enforcement should be called – for insurance purposes, a police report is necessary. But often, unless there’s indication of a severe loss, your local police department going to put your investigation into a long queue of investigations. By having a forensic company on speed dial, you are more apt to know the depth of your situation much more quickly – and be proactive in identifying who else needs to be notified.

With a more serious breach, the Secret Service or FBI might need to be notified. The FBI has a Cyber Crimes division and a notification site. And the Secret Service Electronic Crimes Task Force can be found here: ECTF

If, in the course of business, customer information is routinely collected, and the compromised system is connected in any way to that information, affected customers will need to be notified. This goes back to having that investigator on speed dial. The sooner the extent of the compromise is determined the sooner customers can be notified. Speedy notification can not only save customers a great deal of trouble, it can save your company a great deal of face. How quickly a company handles such matters makes a difference in public perception of the company. And poor public perception can kill a company even more quickly than down time.

There may be legal ramifications in a breach situation. A local law firm that specializes in business law (including information security regulations) should be consulted before a breach happens. Ignorance of the law is never a good defense.

Build relationships in advance with the people you may need in an emergency.  That is good advice for any sort of emergency. The above relationships may make the difference between recovering from a data breach or losing it all.