business.com receives compensation from some of the companies listed on this page. Advertising Disclosure

Home
> Technology
> Security

You've Been Hacked: Now What?

Sarah Landrum
business.com Member
Mar 11, 2016

As a successful business executive, you've belonged to many clubs.

Toastmasters? Entrepreneurship Meetup group? Even your local health club? They're all a great way to network and potentially build your client base.

But this time, you're a member of a brand new club, and it's one you've joined involuntarily.

You're now among the ranks of unlucky business owners who have been hacked.

Unfortunately, it was bound to happen eventually. In fact, a 2015 Duke University/CFO Magazine Global Outlook survey reported that more than 80 percent of U.S. companies indicate they've been the victim of hacking.

And about a third of chief information officers report that they saw a 51 to 100 percent increase in cyberattacks in 2015

If misery loves company, well, you've got it.

So now that you know you've been hacked, and probably started to panic, what are you supposed to do?

Here are some steps you can take to minimize the damage and prevent future cyberattacks.

Related Article: The Security Risks in Social Media: Interview with Joseph Steinberg

Don't Shut Down

Your first instinct after a hack may be to shut down your network's computers. Don't.

Contrary to what you may think, a lot of hackers breach your system using what's called memory-only malware, meaning the malware loads itself into your random access memory (RAM) but doesn't install to your hard drive.

So why wouldn't you want to reboot your systems right away?

Since memory-only malware leaves no lasting data footprint, it can be particularly insidious and hard to track.

Shutting down your computer only erases evidence that could prove invaluable if you want to nail down what was stolen and where the sensitive information was sent.

The mega-retailer, Target fell victim to a memory-only Trojan back in 2013, when hackers stole more than 40 million credit card numbers, not to mention personal information such as addresses and phone numbers.

Call in the Experts

If you want to avoid a crisis of the Target-breach magnitude, it's time to act now. Bring in the pros right away.

After all, you still have a business to manage, even while your computer systems are down.

If your company isn't large enough to have a built-in information technology (IT) department, you should have a dedicated team of computer experts on speed dial.

If you don't, start searching for a specialist immediately. Make sure you do your research, though, before you hire a computer consultant.

After all, you want to have confidence that your expert or team of experts can successfully stop the malicious software from spreading, and hopefully even undo some of the damage to your network, not to mention to your consumers.

Conduct an Investigation

This tip also involves seeking the assistance of outside experts. Hiring a team of pros sounds like a huge financial investment, but you'll be saving your business money in the long run by mitigating loss from the cyberattack.

Sound unrealistic? Consider that year-to-date through August 2015, the average cost to U.S. companies related to cybercrime amounted to $15.42 million, more than in any other developed country.

When Target suffered its massive security breach, the retailer hired a forensic computer specialist to conduct an internal investigation of the hacking incident, and now so should you.

Related Article: Enemy Strategy, Revealed: The Types of Cyber Attacks That Took Down Target & Sony

Forensic computer experts can use their tech-savvy skills and investigative prowess to not only help you recover your data, but preserve digital evidence the hackers left on your computer network when they committed the cyberattack.

In many cases, the results of the forensic investigation can lead to prosecution of the criminals or recovery of damages in a lawsuit.

Report to Authorities

While hiring outside experts is a financial investment, it won't cost your company any money to report the security breach to the authorities. First, file a police report.

Even if your local law enforcement doesn't have the time to conduct its own investigation of the cyberattack, you'll need a police report if you want to collect insurance.

Also, seek some help investigating the crime by reporting it to the relevant federal law enforcement agencies.

The agencies responsible for investigating domestic Internet crime include the Federal Bureau of Investigation (FBI), the United States Secret Service, the United States Immigration and Customs Enforcement (ICE), the United States Postal Inspection Service and the Bureau of Alcohol, Tobacco and Firearms.

You can also file a complaint with the FBI's Internet Crime Complaint Center (IC3).

Seek Legal Advice

Legal counsel can be expensive, but you'll need it to prepare for a potential lawsuit if your customers suffered damage, like the theft of personal information, during the breach.

After its own cyberattack in 2013, Target was forced to offer a $10 million settlement to its hacking victims whose credit card numbers were stolen.

So do the smart thing and hire yourself a good lawyer who specializes in business law, just in case your recent hacking experience opens up your business to legal liability.

A lawyer can also advise you when you're forced to make the decision of whom to tell publicly about the cyberattack.

Hack-Proof Your System

Now that you've gotten the experts to fix your computer and launch an investigation, it's time to minimize the chances this hacking will happen again.

Replace your old, insecure technology with updated, more secure systems. It really is that simple.

First, do your research. For example, companies such as Internet-security mogul, Symantec have introduced reputation-based software that rates billions of programs on their level of risk.

And new tools such as Tufin's SecureTrack can help your company monitor, manage and optimize your traffic rules to ensure minimal security risk to your network.

What about updating your firewall, too? Chances are it's out of date.

You can increase your security immensely by investing in a new one. And don't forget to regularly install updates to your operating system. That's right, stop clicking "Remind me later."

Related Article: Staying Safe: What You Need to Know About Identity Theft Security Plans

Risky Business

In sum, running a business necessarily comes with its risks, and one of those risks is the dreaded cyberattack.

Hackers aren't going anywhere anytime soon. In fact, cyberattacks are only predicted to increase in 2016.

But now you're a little more prepared to deal with them when they happen. And, hopefully, a little less panicky, too.

Image Credit: Monkeybusinessimages / Getty Images
Sarah Landrum
business.com Member
Sarah Landrum is a marketing specialist and freelance writer. She is also the founder of Punched Clocks, a site on which she shares advice for professionals to find happiness and success in their careers. Subscribe to her blog newsletter and follow her on Twitter @SarahLandrum to get more great advice to grow your business and career.