Home > 

Blogs > 

suffered cyber attack now what

You have suffered a cyber attack – now what?

by RJ Davies - 26 January 2019


If you are the victim of a cyber attack, you can be left there wondering what steps you should take. Here are a few tips on what you can do to help.

First off, when identifying the data breach, you need to document the following:

  • When it took place
  • How it will affect customers
  • What assets were affected
  • Who are the victims
  • The type of attack

This is needed as you might have to hire an Information Technology [IT] forensic team and provide them with information about the attack. This will guide the forensic team in their research. Whether or not you’ll need the forensic team depends on the level of cyber attack. A situation that involves targeted cyber-attacks that cause a data breach, removal of vital services for users, damaged network security would be an example of a severe attack.

Your personal IT team needs to take action starting with moving sensitive data away from the network, if banking and login information isn’t encrypted already, do this and reset all logins.

Keep your servers on but disconnected from the web. This’ll keep outside access away from the access points and highly sensitive data being transferred. The servers need to stay on as the IT forensics team need to assess the full damage and it’ll let you know what caused the infection and understand your vulnerabilities so you can protect them in the future. If changes happen, keep documenting them to assist the forensic team. Interview those involved in discovering the breach and everyone else who knows about the attack. Report to the police, if/when considered appropriate.

Set up a communications team that’ll be supported by crisis specialists and reputation lawyers for internal and external communications. If not handled in the correct manner, false information can be released that can damage reputation. Take your time so you can make your messages clear.

We recommend having back up servers, if you have these update them first so you can protect them against another attack and switch to them allowing the business to operate as normal.

After everything is organised, keep an eye on credit reports and look for any signs of identity theft.  This can involve cards you didn’t apply for, utility bills not arriving and debt collectors calling about loans you did not make.If you are regulated by the Financial Conduct Authority (FCA) you are required to report the cyber attack.

If the incident is criminal, you should contact Action Fraud by calling 0300 123 2040 or through their website. If the incident is a data breach, you may need to report it to the Information Commissioner’s Office.