Here at SCS, we often share tips with our clients on how to prevent cyberattacks, but sometimes cyberattacks happen before you’ve had the chance to implement a comprehensive, “hacker-proof” strategy into your business.

As businesses move to a remote workforce, hackers have increased their activity, using various methods that continue to be extremely successful. If the worst should happen, and you find yourself a victim of a cyberattack or if you’re just interested to know what you might need to do if an attack ever occurred, here are some potential steps you might take, depending on exactly what happened.

It is important to remember that while we can give advice, offering a blanket “to do” list in the event of a cyber attack will not always be relevant to the type of attack. This blog is therefore for informational purposes only and you should always speak to a professional to assess your compromise\breach on a case by case basis – it is always better to be safe than sorry!

Contact your trusted and experienced IT Specialist

If you don’t have one, our team at SCS can help. As every cybersecurity attack is different, they are all dealt with in different ways depending on the breach. We would work with you to recover data, inform relevant bodies and individuals and put in measures to stop similar attacks happening.

Work out what data has been stolen

After you have consulted your IT service provider, due to the wider variety of cyberattacks that take place, it is important to find out exactly what data the hackers now have access to. It could be anything from your businesses personal information, to customer and employee data. Depending on how the attack occurred, it could also be data from just one device, or a whole network of information.

Your experienced IT specialist will likely be able to find this information out for you, and they will be in the best position to advise you on what to do next.

Disclose the information you have gathered to the ICO

Since GDPR and data protection laws were implemented in the UK, it is now a legal requirement to report any data breaches which involve the “accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data” within 72 hours.

The ICO is the UK’s independent body set up to uphold information rights. You can find a self-assessment form on their website that you can fill in to report your breach. If you’re not sure whether the breach warrants informing the ICO, it is a good idea to still complete the self-assessment form as this will give you detailed guidance on what you need to do next.

Plan and prepare

During the reporting process, it is likely that you will be asked what steps you are taking as a result of the breach. With the help of your IT service provider, you will need to look at how this attack happened and what you need to do to prevent this from occurring again.

Depending on your processes before the attack, there could be a number of remedial actions to undertake, which may include new security software or even additional employee training.

Take a breath

It is easy to panic in this situation, but it is important to remember that as technology advances for your organisation, so does that of hackers. Even global companies with specialist in-house IT teams can become victims of cyberattacks, so it is quite possible that your IT processes should have been sufficient to prevent any hacking.

The important thing is to have a clear plan in place to understand what happened and how you might prevent it in the future.

How can SCS help?

SCS Technology Solutions can help you to set up security measures for your business to stop attacks before they happen. We can also provide you with training on how to recognise an attack and how to report it correctly. Often, it takes a security breach for many business owners to contact us about our services, but often prevention is better than the cure.

For more information on how we can help keep cybercriminals away from your data, or for a free IT review, please contact us today.