SXSW: How to act to a cyber attack

SXSW: How to act to a cyber attack

One of the events that we attended at SXSW was about cyber attacks and how essential it is to know the actions that you have to take in such an occurrence: "You've been hacked: Now what?". The presenters of this session, Corey Ealons, Sr VP at VOX Global, and Sterling Miller, Sr Counsel at Hilgers Graben - with a wide range of experiences in The White House, Capitol Hill, political campaigns, commercial marketing and the U.S. military - made interesting points and took us along in an interactive cyber breach demonstration. A simulated crisis in which we as the audience had to make choices in specific actions. We've got inspired and we'd like to pay some attention to this topic. Every company wants to be secure and safe without any defects. But what happens in the unfortunate case when you find some form of data being exposed? I'm really sorry, but you’ve been hacked! Therefore, in order to be able to act upon a potential attack and identify the causes of it, there is a number of things you need to consider. This article focuses on the technical recovery after a cyber attack and the external as well as the internal communication about the incident. It concludes with key points on how to be prepared for such an attack.

Hacker attack associations

The first thing your company needs to conduct after an attack, is the technical recovery. There are a few questions that you would have to answer. Was the attack a breach or an incident? When you assure that the breach has been stopped, you would like to know what kind of data and information was taken. That part of data, was it encrypted or not? Afterwards, you have to look if you can find who penetrated the systems and for how long they had access to them. In some cases, there might be a form of communication from the attackers. Another factor that has to be investigated is the geographical area which was hit the most. And what if someone outside of the company is aware of the attack?

When all of the above questions have been answered, you would have to communicate about the attack, to customers, clients, employees and the media.

When creating a media statement, you have to outline the nature of the event and that your team is doing its best in order to resolve it. It is always better to provide an apology along with the statement since it makes it more personal and shows that you care about your customers. Identify if there is a third party that helps you find the problem. Do not reveal any numbers that you have may be found yet. You do not want to cause panic to anyone. In oppose to that, you have to ensure that you are on top of the issue. As said before, focus on the consumer and do not get any technical, as that will confuse more than do any good. Last but not least, let them know that you will update them with any upcoming news for this specific issue.

Cyber attack data breach

As concerning the social media, you have to make sure that the posts are monitored on an ongoing basis and are immediately corrected in case of any wrong information that is presented. The person that manages and responds should post as real person and not as the company, which is very impersonal. The message should be simple and concise. Along with the social media, work to individual customer issues to a service line or another offline setup.

When you have addressed the external communication, it is time to look on how to inform your team. Similar to the media statement, outline the nature of the event. Ensure they understand that your customers are your number one priority until the issue is resolved. Invoke some team spirit, it always helps in such occasions since some might be a bit stressed out and afraid that they might lose their jobs. Provide you stuff with directions on how to handle media inquiries, social media and customer inquiries.

As it is better to be on the safe side, it is always good to be prepared for such an incident. There is a number of processes and regulations that will make you feel more safe such as identifying who is on your crisis response team, crafting a written response plan and much more which will be discussed in the next part, so stay tuned!

Are you interested knowing more about deep linking? Visit our recent blog “Shaping the Web of Apps through Deep Linking”.

Continue reading part two on “How to protect your business from a cyber attack”.