7 steps to prepare and protect against a cyberattack

To protect your business from a cyberattack, you need to develop a detailed cyberattack prevention strategy and incident management plan:

1. Name the key individuals with specific roles that will be involved in responding to the attack. There should also be a notification procedure once an incident is detected, with a chain for escalation so that decisions are made effectively and at the appropriate level. Each individual should know their role and what is required of them when an attack occurs. It’s a sensible idea to test run the procedure to see that it works effectively and adjust it if it doesn’t.
2. Ensure there is a process for investigation into the attack’s characteristics and impact on the business. You’ll quickly need to be able to identify if the attack is significant and what aspects of the business are affected, such as IT infrastructure, data, bank accounts or websites. If a specific system or set of data has been impacted, are you able to identify those specifically?
3. Whilst responding to the attack will be your top priority, it’s important to preserve any evidence of how the breach may have occurred, as this may assist claims or investigations by authorities at a later date.
4. Do you have a plan for communicating the attack to external stakeholders? Is there a requirement to notify business partners, authorities, employees, contractors, clients, insurers? Create a communications plan to keep these stakeholders informed.
5. Conduct regular risk assessments to identify any vulnerabilities your systems and processes may have. This way you can adjust your systems and response plans accordingly.
6. Carry out training and awareness courses for employees on a regular basis. Ensuring that employees understand the risks and the organisation’s policies and procedures will be crucial. Whilst attackers use a range of methods, they will frequently target organisations through their employees as a weak link to attempt to gain access to their IT systems.
7. Implement technical defence measures, such as firewalls, malware protection and secure backups which are stored separately from the main operating systems, therefore protecting you if your main operating system is compromised by an attack.

How to respond to a cyberattack

In the unfortunate event of a cyberattack, it’s important to respond quickly to secure any sensitive data and ensure a swift return to business.

1. Quickly assess the damage: Work with cybersecurity consultants and legal advisors to understand the extent of the cyberattack, what your potential losses are and take the necessary technical steps to prevent any further damage.
2. Communicate and give notifications where necessary: Assess whether the attack requires notification to regulators, such as the ICO, or any of the affected individuals such as customers or suppliers. You can engage PR teams and regulatory legal advisors to ensure compliance with legal obligations and minimise the impact on stakeholders.
3. Consider whether to take legal action against the attackers: For obvious reasons, these groups will go to great lengths to hide their identities so that they can’t be traced. However, in certain circumstances, it is possible to obtain an injunction against “persons unknown” that seeks to prevent the dissemination or publication of confidential information. In addition, the courts have also been willing to grant a claimant alternative ways of service where the location of the attackers is also not known. Whilst the practical enforcement of such orders can be difficult, it may be a necessary step to demonstrate to stakeholders that proactive measures are being taken and also may dissuade any potential future attackers.
4. Consider whether there are grounds for a claim against third party suppliers: Consider whether there were any weaknesses in your IT systems or protections which third party suppliers were responsible for and which were relevant to the attack. If there were, then there may be a route to pursue them for the damages suffered through legal action.

How we can help

Our team of experts from around the business are here to help, bringing real-world experience and specialist knowledge to the table to make sure you find a way to solve your cybersecurity concerns.

If you need support to protect your business from a ransomware attack or have any questions, please contact Sally Mewies or Jack Heward.