Skip to main content
Computer with a cyber attack demand for money

Cyber Attack - What To Do

25th October 2024

We often receive malicious emails from a contact that has been compromised – fortunately, we have impenetrable security systems that block these and render them harmless. If you are not so lucky, what should you do?

Be Prepared

Design and agree a procedure to be followed, and communications to … well … communicate, in the event of an attack – this will remove the need to run around like a headless chicken and ensure that nothing gets overlooked. It should include the following:

  • Who to notify (i.e. your IT support provider or IT department), as soon as you detect anything suspicious. Depending on the severity / nature of the breach they will:

    • Establish the nature / scope / extent of the damage

    • Isolate affected systems

    • Eradicate the virus / malware and close the vulnerability that allowed it

  • Inform all key stakeholders and affected parties internally

  • Inform all key stakeholders and affected parties externally

  • Ensure staff are aware of changes to protocols or necessary actions, such as password updates

  • Disaster recovery measures to recover data and reinstate IT systems

  • Notify authorities and regulators in line with legal requirements

  • Notify cyber liability / risk insurance provider, if applicable*

  • Consider whether additional staff training is required

  • Consider using specialist cyber security services, to protect your organisation and allow you to sleep easy at night

*Note: public liability insurance and professional liability insurance typically does not cover damage caused by cyber-attacks – only specialist insurance will protect you against this.

As always, communication is key and, again, planning ahead is really helpful. The National Cyber Security Centre offers a useful guide on how to manage communications, in the case of a security breach: https://www.ncsc.gov.uk/guidance/effective-communications-in-a-cyber-incident).

It is so much better to prepare before an incident rather than afterwards, when a very stressful and damaging situation could be made worse by delays, oversights and mistakes.

Click HERE to learn more about our services.

Back to top