It's a scary thing to be the victim of a cyber attack. We've all heard stories of companies that had their data breached and paid millions in fines and lawsuits, and even suffered reputational damage. But how do you know if your company has been breached? And what should you do if it has? Luckily, there's plenty you can do. Here are some steps to take after being hacked.

If you've been breached, don't panic. 

Your first instinct may be to call the police or hire a cybersecurity firm to assess the situation and help you determine what information was stolen. But there are many steps you should take before contacting law enforcement or hiring outside help:

  • Don't share information with anyone except those who need it (e.g., employees or customers). Even if someone claims they're from "the FBI," they might not be FBI agents; instead, they could be scammers trying to trick people into giving up personal information that would later be used for identity theft or other nefarious purposes. 

You've got a few steps to take first. 

  1. Don't panic: It's natural for people who have just been breached to want answers immediately, but rushing into action without thinking things through can lead down destructive paths that make things worse (or even more expensive). Instead of panicking and doing something rash, take the time needed to understand what happened and how best to move forward from here on out.
  2. Don't make any hasty decisions: The last thing anyone wants after getting hacked is to have another problem crop up because they did something like clicking on an attachment from someone who claims to work at Apple support and calls themselves "Steve Jobs" (note: this happens). To avoid making mistakes like these, stay calm until all facts have been gathered, and then make informed choices about how best to handle them.
  3. If anything else goes wrong after being hacked--like identity theft or credit card fraud--then chances are good it'll be because someone else used information obtained during the initial breach against you later down the line.
  4. Don't be rash: When faced with news such as this, think twice before sharing it with friends via social media platforms like Facebook Messenger, where messages sent directly between the parties involved can be read; otherwise, it may come back later and bite you, and recovering lost funds may prove much more complicated than expected with everything else happening outside your control at the same time.

Gather as much data as possible. 

Once you've confirmed that a breach has occurred, your priority is to gather as much information about it as possible. That means increasing employee awareness, collecting any data that may have been stolen (and making sure you have copies of this data before deleting it), and using forensic tools to gather more evidence of what happened: 

  • Increase awareness: Your next step is to ensure all employees know about the breach and its implications. This includes sending emails explaining what happened, posting notices on company websites and intranet portals, and creating videos with step-by-step instructions for those who prefer video tutorials over written ones. You should also designate someone within HR or IT who can answer questions from concerned employees directly--don't leave them hanging. 
  • Recover lost files: Once you've notified everyone involved in the incident through email alerts, social media posts, etc., it's time to get down to business by recovering any lost files.

If you haven't already, notify the FBI and the Department of Homeland Security. 

If your company is required to report a breach, you should notify the FBI and DHS as soon as possible. If you don't, you could face civil penalties. How do you know if this applies to your situation? 

  • The OIG has published guidance on what constitutes a "large-scale" breach (more than 500 individuals affected), so check before deciding whether to contact law enforcement agencies. 
  • Reviewers will also consider things like the nature of the stolen data; whether the stolen information includes sensitive personal information such as social security numbers or medical records; how much time elapsed between when hackers accessed systems and when they were detected by IT staff; whether passwords were compromised in addition to other credentials (such as email addresses); and whether hackers gained access through social engineering techniques like phishing emails rather than technical exploits like brute force attacks against user accounts.

If it was another company's fault (like one of your vendors), alert them about their security practices too. 

If you're a data breach victim, you must notify the FBI and DHS. They will be able to help you determine if any personal information has been stolen and if anyone has used that data for fraudulent purposes. You should also contact your state attorney general and other relevant government agencies in your region (like the FTC). 

If you don't have cyber insurance, consider hiring an expert who can conduct an independent forensic investigation into what happened and what steps must be taken. This could include hiring lawyers or public relations specialists who specialize in handling these situations so they don't become PR nightmares, as happened to Equifax last year after its massive data breach made headlines worldwide.

Contact your insurance agent or broker if you have cyber liability coverage. 

If you have cyber liability coverage, contact your insurance agent or broker. They can help determine how best to proceed and the steps necessary for recovery. 

If you don't have cyber liability coverage, consider getting it as soon as possible. Depending on the size of your business and what kind of data has been stolen, a breach could be a severe financial burden without an insurance policy in place. Cyber liability policies can help you recover from a breach by covering costs like:

  • Identity theft protection services (to monitor credit reports). 
  • Legal expenses related to lawsuits filed against you by customers or employees who were affected by the breach. 

Update your cyber security protection as soon as possible. 

  • Change all your passwords, including those for email and social media accounts. 
  • Update your antivirus software, firewall, and patch management system (if you have one). 
  • Ensure you are running the latest version of any operating systems and web browsers on your devices (including mobile phones). 

Working with an expert-managed cyber security services provider can help you guard against future attacks and liability issues after being breached. 

After a breach, you must first ensure you're covered. Working with an expert-managed cyber security services provider can help you guard against future attacks and liability issues after being breached.

SSI has a team of experts that can help you: 

  • Improve your overall security posture. 
  • Reduce risk exposure through insurance programs and business continuity planning services (BCP). 
  • Lower costs by leveraging our expertise as an outsourced IT department. 

Here's how SSI can help 

SSI can help you with a wide range of cyber security services. We have experience working with companies of all sizes and industries, including financial institutions, healthcare organizations, and educational institutions.  

We can assist you during an actual breach or before an incident occurs by: 

  • Developing a comprehensive cyber security policy that aligns with industry best practices and meets regulatory requirements 
  • Conducting risk assessments to identify gaps in your current infrastructure or processes 
  • Reviewing existing policies, procedures, and controls related to information security

In summary 

If you're looking for a managed cyber security services provider, we can help. We offer comprehensive protection from hackers and other online threats and guidance on how best to recover from a breach. Contact us today to get started.