Your company got hacked! Now what?

It’s the last thing a business owner or leader wants to hear – “we got ransomware!”, “the server was hacked!”, “a user clicked on a spam link!”. We’ve all heard many possible ways your cybersecurity plans can fail. Continue reading to see how the Beringer Team can assist customers in working through a breach or hack.

Stay calm so you can make rational decisions

• If you notice something suspicious, reach out to your IT immediately so that they can analyze the situation. If they determine that your company’s data is at risk, they should isolate your servers and workstations to prevent them from transmitting anything between each other and out to the internet.
• Contact your cyber-insurance provider. They have the necessary procedures to assist in safely evaluating the extent of the breach and can recommend options for remediation.
• Document whatever you know. Take pictures with your phone, if you can’t interact with a compromised device. Try to quickly gather details of what happened – if the user is aware – or how the incident was discovered.
• Don’t power off the device unless told to by your IT team. Disconnect it from the network if possible, to stop outbound traffic going back to the hacker. Don’t try to fix it just yet.
• Work with your IT provider to provide any details, logs etc. to help understand the extent of the breach and which data stores were accessed. Forensic analysis may take days or weeks to complete and affected systems will need to remain offline/unused until the work is completed.

Planning steps forward

Employees should be in the dark about the situation like everyone else – whoever is dealing with the situation should simply inform them that they’re dealing with an outage and they’re working with the IT company to resolve it (this is for legal & liability reasons in case personal information on the employees is at stake).

The forensics team assigned to you discusses entertaining the idea of paying a ransom (the company should never reach out themselves) – I would make it clear that the threat actors’ typically have a business model with two goals:

• Hold your files for ransom, in the case you don’t have backups.
• In the case that you have backups, threaten to ‘name and shame’ you out to the public and to publish the data they stole from your company publicly to the internet

The legal team assigned to you will assist you throughout the entire process on who to inform relating to affected parties from the breach.

Ongoing protection and vigilance

After the analysis has been completed, data has been restored and all systems are back online, the work is not over. Reinforce employee cyber security training at regular intervals, across the company. Implement any recommended cyber security remediation methods to prevent a similar attack in the future.

Remind technical staff to continue to be vigilant for any additional issues that may arise, as scammers may keep trying to create another hack, since it worked before.

Does your business need guidance on how to create and maintain a cybersecurity strategy, a reliable backup plan, employee cyber training, a comprehensive disaster recovery protocol or deploying multi-factor authentication? If so, give the Beringer Team a call today at 800-796-4854. We have extensive experience evaluating technology needs, business requirements, and cybersecurity strategy, as well as supporting servers, PCs, networking, cloud services and other technologies, for businesses just like yours!

At Beringer Technology Group, we’re not like most other MSPs! We offer both IT Managed Services and Microsoft Cloud Applications Consulting to customers in the Philadelphia area and beyond. Now offering Microsoft Co-Pilot and Azure AI Consulting services. Visit our website www.beringer.net to see all the services we offer and the industries we serve.