What To Do When You’ve Been Hacked

A cynic might say there are two kinds of internet businesses, those that have been hacked, and those that are going to be hacked.  An even more cynical view is that there are those whose managers know they’ve been hacked and those that have been hacked but whose managers are blissfully ignorant of the breach.  Thus, the question becomes under what circumstances it would be most prudent for management to engage an enterprise consultant to help them with damage control, so that whatever harm has been done does not become so severe as to threaten the survival of the business.

Therefore, it is always timely to consider what steps to take to get the internet security issue under sufficient control that you can conduct your business with reasonable peace of mind:

  1. Planning.  Of course, an enterprise must not wait until an actual hacking event takes place.  Arrangements need to be made beforehand, including for the provision of expert help in coping with the event.
  2. Documentation.  The plans for preventing and responding to a hacking event need to be documented, and employees need to be trained as to how to respond.
  3. Regulatory issues.  Part of the planning process is the determination of who should be informed, both within and without the company.  For example, in some regulated industries, protocols have been established for the notification of the regulator and for notices to be sent to customers whose accounts may or have been affected.  Satisfaction of these requirements will be important in controlling the damage and limiting the resulting exposure to liability and reputational risk.
  4. Redundancy.  Presumably, before the hacking event, arrangements have been made for redundant facilities to be available in the event of such an occurrence.  Then, once the event has taken place, it is time to activate those procedures, including contacting employees and consultants who would be responsible for activating the response procedures.
  5. Insurance.  If insurance is in place against hacking, timely notification will have to be made to insurance company, and a timely claim must be made.
  6. Preserve evidence.  It can be crucial to make sure that links to the hacking activity can be traced, so the active memory of the computer must remain available to forensic experts for their study.
  7. Inventory.  Part of the forensic process will be to determine and to document exactly what data has been stolen or compromised.  This information will also feed back into the issues of who must be notified of the breach.
Drew Hendrickshttp://p0g.com
Drew Hendricks is a tech, social media and environmental addict. He's written for many major publishers such as National Geographic and Technorati.

More from author

0 0 vote
Article Rating
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments

Related posts



Latest posts

How To Enhance Home Learning This Summer

Whether you are homeschooling or just trying to keep kids occupied this summer, chances are you are looking for fun and creative...

Your Quick Guide to Las Vegas

Las Vegas is a place which often appears on many bucket lists. It’s also the number one choice for many people who...

5 Common Questions About Online Learning Answered

Due to the relatively new nature of online education and the technology that has supported it, there are many misconceptions about...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!

Would love your thoughts, please comment.x