Accucom Blog
The First 60 Minutes: How to React to a Cyberattack
Don’t underestimate the danger of a cyberattack. Even small ones that are seemingly insignificant compared to major threats, like ransomware, have the potential to cause serious disruption to your operations. Regardless of the severity of the threat, you want to have an incident response plan that is tested, documented, and ready to deploy at a moment’s notice. Let’s go over what happens in the hour following a cyberattack and why acting quickly is so important.
What To Do During the First 60 Minutes of a Cyberattack
Before we get too into the weeds, know that you shouldn’t try to fix everything in the first 60 minutes. This is damage control, plain and simple, and you should be working to ensure your recovery measures are in full swing.
Here’s What To Do:
Contain the Threat
Things will only get worse if you don’t keep the threat from infiltrating other parts of your infrastructure. Isolate the affected system, for example by shutting down a server or disconnecting a workstation from the network. Once you’ve stopped the spread, you can take further action.
Communicate with Contacts
You’ll want a communication plan in place for these types of events, and it should outline who is responsible for various tasks associated with outreach. Who is going to tell your supervisor what’s going on, and who is going to reach out to the insurance provider and legal representation? Most important of all is who will reach out to IT to determine next steps. Make sure everyone is on board with this plan and knows it exists.
Control Communication
For situations like these, you’ll want a single point of contact that is handling public communication regarding the incident. Beyond that person, your staff should not speak publicly about the incident. This helps to control misinformation and keeps your business from being held liable.
Create a Record
Document everything that occurs from the moment the incident is discovered. This record should include the data that was breached, as well as the steps you’re taking to resolve the incident. Wait for IT’s permission before deleting any data from the infected device, as you want to preserve evidence if you can.
Really, This is the Bare Minimum for a Response Plan
Probably less than the bare minimum, honestly—you cannot neglect this critical process, as it could mean much more than just an infected computer. It could mean risking your business as a whole. We can help make sure it doesn’t come to that.
If you’re ready to take security seriously, Accucom can help. To learn more, call us at (02) 8825-5555 today.