The Small Biz 5 Step Plan to Security Breach Recovery

What do Wyndham Hotels, Yahoo, Zappos, The Wall Street Journal and Apple have in common?

Each of these powerhouse companies experienced a serious and costly security breach in 2012. In fact, Wyndham Hotels was hacked three times in two years and the results were monumental. More than 600,000 credit card numbers were compromised resulting in $10.5 billion in fraudulent transactions.

So, if some of the biggest, multi-national corporations you can think of — that invest millions in their IT and business antivirus software — are not invincible to sophisticated hackers, small and medium sized businesses should consider themselves vulnerable as well.

Although these high profile hacking incidents have been widely covered, Verizon reports that small businesses are more often the targets of choice. Of the 621 confirmed data breach incidents Verizon recorded in 2012, nearly half occurred at companies with fewer than 1,000 employees, including 193 incidents at companies with fewer than 100 workers.

Why do Internet criminals favor small and medium sized businesses? One reason is that many are suppliers and partners of large corporate entities, offering a convenient pathway to these partners’ networks.

A second reason SMBs are a sweet spot for hackers is the opportunity to target companies in fast growing industries like healthcare, manufacturing and high tech sciences.

In either case, hackers operate like sleeper cells, waiting until the company is acquired by or merges with a larger company. Once the ink is dry and the data conversions begin, hackers are ready to strike — gaining access to breach the parent company’s systems and networks.

Although most SMBs will not experience a security breach, many will. So, how can your business recover following a hacking incident?


Step #1: Identify Whether an Attack Has Occurred

Identifying whether a hacking attack has occurred is incredibly challenging for most businesses. Security experts estimate that 60 percent of small and medium sized businesses detect compromises in as little as three months; however, it’s not uncommon for companies to take more than a year to discover data breaches.

This means hackers have plenty of time to wreak havoc, so know the warning signs. The following are signs of an attack.

  • Slow running machines or systems
  • Increased device crashes
  • Strange network usage patterns
  • Unusually large transfers of data to unknown destinations
  • Visits from unfamiliar IP addresses
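
The last two warning signs can be checked against a connection log. The Python example below is an added illustration, not part of the original article: it totals outbound bytes per destination and lists outside addresses that reached internal hosts. The log format, the internal address range, the list of known destinations and the size threshold are all assumptions, and the log lines are constructed samples.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this example (not from the article):
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
KNOWN_EXTERNAL = {ipaddress.ip_address("192.0.2.10"),   # e.g. backup provider
                  ipaddress.ip_address("192.0.2.25")}   # e.g. mail relay
LARGE_TRANSFER_BYTES = 500 * 1024 * 1024  # 500 MiB per source/destination pair

# Constructed sample connection log: "date time src dst bytes_sent"
SAMPLE_LOG = """\
2013-06-01 09:12:03 10.0.0.21 192.0.2.10 734003200
2013-06-01 09:15:44 10.0.0.21 192.0.2.25 48211
2013-06-01 23:02:10 10.0.0.34 203.0.113.77 314572800
2013-06-01 23:41:52 10.0.0.34 203.0.113.77 419430400
2013-06-02 02:17:09 198.51.100.5 10.0.0.8 1520
2013-06-02 02:17:30 192.0.2.25 10.0.0.8 2210
this line is malformed and is skipped
"""

def review_connections(log_text):
    """Return (large_transfers, unfamiliar_visitors) found in the log."""
    sent = defaultdict(int)      # (internal src, external dst) -> total bytes
    visitors = set()             # external sources that reached internal hosts
    for line in log_text.splitlines():
        parts = line.split()
        try:
            src, dst = ipaddress.ip_address(parts[2]), ipaddress.ip_address(parts[3])
            size = int(parts[4])
        except (IndexError, ValueError):
            continue             # skip lines that do not parse
        if src in INTERNAL_NET and dst not in INTERNAL_NET:
            if dst not in KNOWN_EXTERNAL:
                sent[(str(src), str(dst))] += size
        elif src not in INTERNAL_NET and dst in INTERNAL_NET:
            if src not in KNOWN_EXTERNAL:
                visitors.add(str(src))
    # Totals are per pair, so several medium transfers still add up to a flag.
    large = {pair: total for pair, total in sent.items()
             if total >= LARGE_TRANSFER_BYTES}
    return large, sorted(visitors)

if __name__ == "__main__":
    large, visitors = review_connections(SAMPLE_LOG)
    for (src, dst), total in large.items():
        print(f"large transfer: {src} -> {dst} {total / 2**20:.0f} MiB")
    for ip in visitors:
        print(f"unfamiliar visitor: {ip}")
```

In the sample, neither late-night transfer from 10.0.0.34 crosses the threshold on its own; the pair is flagged only because the totals are summed per destination.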


Step #2: Investigate the Scope of the Compromise

Your next step in the recovery process is to figure out how many systems or machines are affected. Although many small and medium sized businesses have IT professionals on staff, they are less likely to have a cyber-security expert on payroll. So, now is a good time to call in the professionals.

Here’s why. You don’t want to risk increasing the reach and scope of the breach, subsequently spreading the problem. A data security expert can identify the type of attack being utilized by the hacker and conduct a network and malware analysis to figure out which systems and data files have been compromised.


Step #3: Contain the Attack

Once you have your arms around the issue, you will want to contain the attack. This means you will likely have to pull all systems offline simultaneously.

Your initial response might be to just pull the plug on machines as soon as a compromise is detected, but we recommend waiting until a thorough investigation has been conducted to determine how to protect your system from future attacks.


Step #4: Prevent Future Attacks

After pulling your systems offline, you need to install or reinstall business antivirus software programs from master discs. Then, use what you’ve learned about the breach to fill in your security gaps.

Because many breaches are a result of risky employee behavior — visiting unsafe websites, opening up suspicious email, clicking unsecure links — you may also consider using web app firewalls to shield your website from attacks. Web filtering services are useful as well because they protect your employees from compromised websites that they might visit on work devices.


Step #5: Communicate Breaches

The truth is that many companies get hacked – it’s the price of doing business in a technology saturated world. But a hacking event doesn’t have to be catastrophic. So, plan ahead and include in your recovery plan communication with key stakeholders, customers, employees and partners.

Depending on what type of data has been compromised, you may also have a legal obligation to inform your consumers. This is most likely the case if personal information or financial data has been breached in any way; individual laws differ from state to state.

Although open communication may feel risky, honesty and transparency can actually build trust between your business and clients. Be sure to identify the scope as well as the efforts underway to prevent future attacks.
