Cyber-Security: Risk Management and How to Respond to a Cyber-Attack
The importance of cyber-security increases daily, with more and more sensitive information and company data being stored online, and therefore being a target for cyber-criminals. Cyber-security aims to reduce the risk of cyber-attacks and protects against the invasion or exploitation of systems, networks, and technologies. This article aims to offer employers guidance regarding what steps they should take after experiencing a cyber-attack.
Steps to Take After Experiencing a Cyber-attack
When a cyber-attack occurs, it is important that your organisation has a plan in place to respond and mitigate the damages caused. For cyber-security cases it is certainly a time sensitive subject, and your incident response plan must specifically address key actions to implement immediately after the attack.
During the first initial hours, your organisations response can ensure business continuity, protect stakeholders, limit legal repercussions, and put a stop to the incident quickly and efficiently. Successfully containing a cyber-attack or data breach can also result in significant financial benefits.
To minimise the long-term damage of a cyber-attack, employers should consider taking the following steps immediately after a breach occurs:
- Document the incident – As soon as an organisation discovers a cyber-attack has occurred, it should begin the documentation of all information they know on the incident. Include when and how the attack was found, the technology and data effected by the attack, and any other supporting evidence regarding the event. Update as and when more information becomes available.
- Inform key personnel – The appropriate members of an organisation’s response team should be briefed and alerted. This should include company IT leaders, crisis communication experts, and legal professionals. These individuals should then start to carry out their designated roles and responsibilities outlined in the cyber-incident plan. If necessary, inform additional employees.
- Secure all workplace technology – Take any necessary steps to secure servers and devices. Take any impacted technology offline, without turning the device off, to make sure you keep any important evidence accessible. Run any backup systems or data required to perform key operations and ensure business continuity, if possible.
- Seek further Assistance – Reach out to necessary law enforcement or forensics to start an in-depth investigation into the incident. Consult your insurance broker to begin the claims process and receive further assistance.
- Inform appropriate parties – Develop a plan with experts on crisis communications, and legal professionals to share the relevant information regarding the attack with stakeholders and shareholders in the organisation, as well as government agencies if necessary.
What is Two-factor/multi-factor authentication
Two-factor authentication, also known as multi-factor authentication, is where a user must provide two, or more, pieces of evidence to verify their identity in order to gain access to an app or digital resource.
Using Two-factor Authentication
Employers are strongly advised to consider utilising two-factor authentication in their organisation, in order to improve their company’s cyber-security, and reduce the chances of a damaging data breach.
Two-factor authentication gives an extra layer of security when an employee or other user attempts to login to the company’s system or network. As well as the standard password barrier, two-factor requires an additional form of confirmation because even the strongest of passwords can be breached by hackers. Without a second form of proof being required, cyber-criminals could potentially gain access to important accounts, private systems, customer files and other sensitive information.
There are many options to consider when it comes to implementing two-factor authentication, which include:
- Text messages – By providing a mobile number, an online service can send the individual a code that must then be entered to finish the login process. Some services with the right technology may also be able to provide a voice message instead, which would be recorded in a message.
- Authenticator Apps – Mobile phone or tablet apps are a popular means of two-factor authentication. Apps such as Google Authenticator and Microsoft Authenticator are compatible with many online services. This option is beneficial for some employers, as it only requires an internet connection and not a mobile signal as with the text alternative.
- Backup codes – Some online services will provide users with database of backup codes to use for future logins. This method is advantageous when user’s expert to have poor or no mobile/internet connection, or even no access to a mobile phone at all. Users should note that the codes used in this authentication are one-time entries. Lists of the backup codes should be stored in a secure location, making sure the list is secure is vital.
The National Cyber Security Centre recommends organisations set up two-factor authentication for ‘high value’ accounts that contain important information. Email accounts should also be protected by two-factor authentication. Cyber-criminals who hack into an email account may then be able to use that access to reset passwords for other services.
NCSC Report Scam Website Tool
The National Cyber Security Centre (NCSC) has created a new tool that allows users to report scam websites. It is the NCSC’s attempt to recruit the public to help fight against cyber-criminals.
Cyber-criminals can use fake websites in an attempt to download viruses onto a user’s device or steal passwords and private info from accounts.
The NCSC tool requests that users provide the following information:
- A link to the suspicious website
- Information regarding the user first encountered the website
- Any other information the user may seem as relevant in the case
Once the NCSC has received the report, they will then analyse the website in question. If it is found to be a scam or malicious, a notice will be issued to the hosting provider in an attempt to get the site removed.
This service is a way of bolstering the NCSC’s efforts to combat scam websites, adding to last years Suspicious Email Reporting Service, which allows users to forward suspicious emails to report@phishing.gov.uk.