What To Do When You’ve Been Hacked

A cynic might say there are two kinds of internet businesses, those that have been hacked, and those that are going to be hacked.  An even more cynical view is that there are those whose managers know they’ve been hacked and those that have been hacked but whose managers are blissfully ignorant of the breach.  Thus, the question becomes under what circumstances it would be most prudent for management to engage an enterprise consultant to help them with damage control, so that whatever harm has been done does not become so severe as to threaten the survival of the business.

Therefore, it is always timely to consider what steps to take to get the internet security issue under sufficient control that you can conduct your business with reasonable peace of mind:

  1. Planning.  Of course, an enterprise must not wait until an actual hacking event takes place.  Arrangements need to be made beforehand, including for the provision of expert help in coping with the event.
  2. Documentation.  The plans for preventing and responding to a hacking event need to be documented, and employees need to be trained as to how to respond.
  3. Regulatory issues.  Part of the planning process is the determination of who should be informed, both within and without the company.  For example, in some regulated industries, protocols have been established for the notification of the regulator and for notices to be sent to customers whose accounts may or have been affected.  Satisfaction of these requirements will be important in controlling the damage and limiting the resulting exposure to liability and reputational risk.
  4. Redundancy.  Presumably, before the hacking event, arrangements have been made for redundant facilities to be available in the event of such an occurrence.  Then, once the event has taken place, it is time to activate those procedures, including contacting employees and consultants who would be responsible for activating the response procedures.
  5. Insurance.  If insurance is in place against hacking, timely notification will have to be made to insurance company, and a timely claim must be made.
  6. Preserve evidence.  It can be crucial to make sure that links to the hacking activity can be traced, so the active memory of the computer must remain available to forensic experts for their study.
  7. Inventory.  Part of the forensic process will be to determine and to document exactly what data has been stolen or compromised.  This information will also feed back into the issues of who must be notified of the breach.
Drew Hendrickshttp://p0g.com
Drew Hendricks is a tech, social media and environmental addict. He's written for many major publishers such as National Geographic and Technorati.

More from author

Leave a Reply!

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related posts



Latest posts

An Overview of the Apache Cassandra Database

Apache Cassandra database is a popular system created for the management of high volumes of structured data on commodity servers. It...

The Guide To Online Business Marketing

Online business and its marketing are two very important economic forces active in the financial circles right now. We have experienced a...

Cities Are Leveraging The Latest Science To Defend Against Flooding

There’s a general scientific consensus that sea levels are rising and that rainfall will probably increase over the course of the...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!