You’ve been hacked. Now, it’s time to deal with the aftermath. It’s going to take a lot of patience and resources to get this all sorted out. You’ve fixed the problem and stemmed the internal bleeding, but what do you do now? Keep calm, and read on…
- ) Communicate
This is going to be tough, but you have to admit fault. Taking responsibility and informing anyone affected by the breach what has happened is the priority. They have the right to know when they’ve been compromised, and accepting responsibility and staying transparent is the best way to start the process of regaining their trust. Let them know what steps you’re taking so this doesn’t happen again, and make sure you follow the plan step by step.
- ) Keep Records
According to the Department of Justice, companies that are victims should keep the following records of their attack:
- A description of all incident-related events, including dates and times
- Information about incident-related phone calls, emails, and other contacts
- The identity of persons working on tasks related to the intrusion, including a description, the amount of time spent, and the approximate hourly rate for those persons’ work
- The identity of the systems, accounts, services, data, and networks affected by the incident and a description of how these network components were affected
- Information relating to the amount and type of damage inflicted by the incident, which can be important in civil actions by the organization and in criminal cases
- Information regarding network topology
- The type and version of software being run on the network
- Any peculiarities in the organization’s network architecture, such as proprietary hardware or software.
Now that you have your records in order, it’s time to make reports. The government works around the clock to search out and mitigate damage by cyber attackers, and letting the authorities know is important so they can go after the right people.
This is the chain of command: Your Own Organization > Law Enforcement > The Department of Homeland Security.
It’s a great idea to be in contact with a local branch of the FBI when you’re creating your action plan. Building a rapport with the local law will speed up the process during the reporting stage since you will already have the information in hand.
The Department of Homeland Security also wants reports on Phishing emails that your company may receive so they can wrangle them before they create new victims. To create a report, you can use these links:
https://www.us-cert.gov/forms/report? < Report an Incident
https://www.us-cert.gov/report-phishing < Report Phishing