What to Do If Your SMB Gets Hacked
In a world where much of everyday business takes place online, no company can remain truly free from cybersecurity threats. These virtual attacks do not stop at seemingly more lucrative multinational conglomerates. In fact, studies have shown that SMBs can be more vulnerable to attacks due to the lack of a strong IT infrastructure, with around 43% of SMBs being the victim of cyber attacks, and a whopping 61% of SMBs falling prey in 2021. In the face of such a threat, even if your business isn’t suffering from a cybersecurity threat at the moment, it is hugely beneficial to be equipped with the knowledge of what to do in such events.
Let these steps guide you in a cybersecurity attack
Previously, we have covered detailed content on measures to take to strengthen your business’ digital perimeters in a world rampant with cyber insecurities. If you truly find yourself in the predicament of an actual cybersecurity attack, here are some immediate measures to take:
1. Isolate all affected systems
Cyberattacks may start in one part of your business’ IT system and then spread further to freeze the entire system. As such, preventing the malware from spreading is key. Disconnect any compromised devices from the network immediately before further damage is done.
2. Contact IT professionals immediately
Cyberattacks are becoming increasingly sophisticated, and it often takes proper, specialist IT training to diagnose, address, and terminate an attack. Gather experts in your IT team who may be knowledgeable about such events; if you do not have an in-house tech team or do not have employees within your business who can adequately manage cyberattacks, contact verified external experts (try to have a list of trusted contacts ready even when not under attack). Immediacy is key: cybercriminals can exploit a business’ vulnerability in a matter of just seconds, and they can compromise enterprises in a mere few minutes. Cybercriminals also take advantage of holiday seasons to make moves, catching business owners off guard. As such, it is necessary to stay alert all year round.
3. Keep all helpful evidence of the attack
In the heat of panic during a cyberattack, it may be instinctive to delete everything. Remember that doing so would make it difficult to compile evidence when reporting criminal activity, and would render it challenging to determine the cause of the data breach. Therefore, do not dispose of any logs or data that may be key in a later investigation.
4. Make changes to system credentials
To protect your data and avoid further damage, it is mandatory to change IT credentials as quickly as possible. Remember to reset passwords across all systems and, crucially, ensure that two-factor authentication is enabled and functioning.
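For step 3 above, one way to show later that preserved logs were not altered is to record a hash manifest when the files are collected and re-check it before handing them to investigators. This is an added example, not part of the original article; the function names, sample log lines and folder layout are assumptions made up for illustration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):  # chunked: large logs stay out of memory
            digest.update(block)
    return digest.hexdigest()

def build_manifest(evidence_dir):
    """Record size and SHA-256 for every file under evidence_dir (files are only read)."""
    files = {}
    for root, _dirs, names in os.walk(evidence_dir):
        for name in names:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, evidence_dir)
            files[rel] = {"size": os.path.getsize(full), "sha256": sha256_file(full)}
    return {"collected_utc": datetime.now(timezone.utc).isoformat(), "files": files}

def verify_manifest(evidence_dir, manifest):
    """Return {path: 'missing' | 'modified' | 'added'} for anything changed since collection."""
    current = build_manifest(evidence_dir)["files"]
    changes = {p: "added" for p in current if p not in manifest["files"]}
    for path, meta in manifest["files"].items():
        if path not in current:
            changes[path] = "missing"
        elif current[path]["sha256"] != meta["sha256"]:
            changes[path] = "modified"
    return changes

def demo():
    """Constructed sample: two made-up log files, then one is edited and one deleted."""
    samples = {"auth.log": "Failed password for admin\n", "fw.log": "DROP 203.0.113.7\n"}
    with tempfile.TemporaryDirectory() as folder:
        for name, text in samples.items():
            with open(os.path.join(folder, name), "w") as fh:
                fh.write(text)
        manifest = build_manifest(folder)
        before = verify_manifest(folder, manifest)
        with open(os.path.join(folder, "auth.log"), "a") as fh:
            fh.write("line added after collection\n")
        os.remove(os.path.join(folder, "fw.log"))
        return before, verify_manifest(folder, manifest)

if __name__ == "__main__":
    print(demo())
```

Keep the manifest somewhere other than the affected system, so that whoever changed the evidence cannot also change the record of it.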
In the next phase, communicate and report the incident
After taking the above steps, when the incident has cooled down, communicate and report the cyberattack. Multiple parties should be kept in the loop, including:
1. Local and/or national authorities
Contact your local or national cybercrime unit for investigation, preparing all evidence and details needed before doing so. Sometimes more than one organization is affected at the hands of the same cybercriminals, so swift action can be beneficial. Keep in mind your regional compliance rules when it comes to reporting data breaches.
2. Employees
All employees of the business must also be aware of the cyberattack. Subsequent steps for them must be clear, and employees should be encouraged to speak up should they have observed any key information or know anything about the attack.
3. Stakeholders and partners
Stakeholders have a financial interest in the business and any major event or action must be reported truthfully and thoroughly. While it may be difficult to communicate the news of a cyberattack, transparency is key; failure to do so would lead to unwanted reputational damage on top of the already tangible cybersecurity issue.
Remember that reporting cyberattacks is often a legal requirement, especially if sensitive information on clients has been compromised. In the USA, for example, some entities are obligated to inform the Cybersecurity and Infrastructure Security Agency (CISA) of any cyber and ransomware attacks. Crucially, this has to be reported within 72 hours from the time that the attack was suspected to happen.
Then, assess and rectify cyber damage
1. Determine the level of cyber damage
Before fully going back to business, there is a need to determine the extent of the cyberattack and exactly what data has been compromised. What data was accessed, and what was stolen? What can be done in relation to the loss? Conduct an analysis of the vulnerability that was exploited and what the cyberattack implies for the business going forward.
2. Patch and secure
The next step would be to patch and secure: that is, ensure everything work-related (software applications and systems) is fully updated. Once the root of the data breach is identified, reflect and try to close the vulnerability in hopes of preventing similar attacks going forward.
3. Backup and restore work files
Files contain data that lie at the heart of the business, and they need to be backed up regularly to prevent any potential loss from cyberattacks. To do this strategically, restore systems using the most recent clean backup and also remind employees to develop the habit of checking file backups.
Finally, reflect further and invest in the prevention of future cyberattacks
1. Ensure thorough cybersecurity training is in place
In many cases, cybersecurity incidents happen as a result of negligence. The safety of a business would be more robust if all employees, regardless of their roles, were aware of the many forms that cybersecurity threats can take, steps to prevent a cyber attack, and what to do in the event of one. It is therefore key for employees to undergo rigorous training on cybersecurity. Effective training is not easy to develop, however, so it is crucial to design a memorable program that would make a lasting impression in terms of steps to take.
2. Invest appropriate funds in security
While seemingly costly, cybersecurity is not a nice-to-have, but a need-to-have for businesses. Here are some good tools to get started:
- Security information and event management (SIEM) software: this can monitor real-time security alerts and manage incidents
- Antivirus software and firewalls
- Intrusion detection and intrusion prevention systems (IDS & IPS)
- Encryption tools
- Multi-Factor Authentication (MFA)
- Acer Secured-Core PCs
In addition to having this basic toolkit, be sure to engage in regular security audits and cybersecurity assessments, and stay alert at all times.
Your business's cybersecurity: Be proactive, but still be prepared for the worst with Acer’s Secured-Core PC laptops
Cyberattacks are costly and businesses cannot afford for them to happen: they incur financial loss, heavily disrupt operations, cause intellectual property loss, and may even cost a business its hard-earned reputation. It is not enough to only be proactive; the worst can happen even to the most careful of businesses. Here at Acer Corner, we have already introduced seven cybersecurity tools to avoid falling prey to cyberattacks in times of peace, but for sustainability, businesses still have to be well-equipped for the unexpected.
Although there isn’t a single, omnipotent device that can ward off all cyber attacks, there is good reason to trust Acer’s thoughtfully designed secured-core PC laptops. Acer’s secured-core PCs show good promise in giving multiple layers of protection from cyber attacks. Firstly, their hardware-based security features can play a considerable role in blocking out cybercrime attempts; with secure chips that can protect encryption keys, sensitive and critical data are in safe hands. These PCs also come with features that safeguard the firmware: UEFI Secure Boot ensures that only trusted software can be loaded when a device starts, and Measured Boot looks out for any tampering of firmware. Crucially, its Dynamic Root of Trust measurement can ensure that a device is in a secure state before it gains access to any sensitive data.
Fortifying your business’ cyber safety even further, these Acer secured-core PCs also come with Acer ProShield Plus, a built-in application that protects devices against unauthorized access, supported exclusively on Acer devices. A separate software suite with other useful cyber security services can also be found with Acer ProShield Plus Service in the Microsoft Store. Coming with strong compliance with HIPAA and GDPR data protection regulations, your business can also count on Acer’s secured-core PCs to be in good hands when it comes to cyber law.
Reliable and critically built with advanced technology, Acer’s secured-core PCs are designed to help your business navigate today’s complex cybersecurity landscape. The safety of your business is uncompromisable, so explore today what this series of devices can do to protect the cyber integrity of your business.
Esme Lee is a science writer and editor in the UK, carrying a passion for tech copywriting. She has a background in educational neuroscience and holds a PhD from the University of Cambridge.