How to react to “You’ve Been Hacked!” for newbies
“You’ve been hacked.” This must be the most feared sentence your IT guy can deliver to you, especially if you do most of your business online. It is even worse you hear it from a customer first. Your first reaction should not be panic, but you do need to react quickly. It will cause you some short term harm, but it is not life threatening.
As an online entrepreneur you will learn many lessons as you build your business from nothing and dealing with hacking is a key one. Being hacked is almost becoming a way of life like auto theft; there’s a high chance it will happen to you one day. Even Mark Zuckerberg, CEO of Facebook found his own account hacked in early December 2011. In June 2011, Citbank found that 200,000 customers had their private details passed to a hacker. Sony was hacked earlier this year as was Google in China; even Gmail isn’t immune.
Internet criminals can find larger targets, more of a challenge with substantial rewards, but the smaller business is likely to have less IT protection or even a plan of how to react to a successful hacking exercise. There is likely to be less security proficiency and data protection employed by the smaller business.
These online criminals look for:
- Bank account passwords.
- Lines of credit.
- Customer information.
- Sales data.
- Anything sensitive to the company’s profile.
Apart from the obvious, hackers sometimes gain access to your computers to hack into other computers, to halt the line of sight to their own computer. Some are successful, some fail.
Planning for Recovery
There are 5 key stages to sorting out the mess.
- What just happened to you?
You need to find out how the hackers gained access to your system. Entrepreneurs might not be experts in the IT field; that’s why you hire IT experts while you promote the business. Make sure you learn exactly what happened so you can prevent it from happening again.
Once you know which computers and accounts were breached, what data was removed and who was affected, you can move forward. Don’t fail to contact your closest police department that specifically deals with hackers and IT. They might be able to provide or direct you to experts.
- Do you need to seek a lawyer’s advice?
Your insurance policy might help you here, but if it doesn’t you might need to seek legal help to gain information about people who have wronged you and for your own customers that might have been attacked. Your lawyer will inform you of all the necessary people and authorities you need to tell about the hacking. You can’t keep the information hidden.
- Communicate the problem quickly.
Often the public complain that it is only months later that they learn that their credit card details may have been stolen. This doesn’t build confidence in the company. Being up front and honest will keep more customers long term. You need to tell people, including your employees, what you are doing about the problem and how you intend to solve the trouble. Gaining your employees’ and customers’ trust is key to your future.
If you are a small business, your cash flow may be damaged beyond repair if you can’t contain the loss quickly.
- Eradicate the difficulty and restructure.
You need to limit the danger quickly. This might mean shutting down infected computers and temporarily closing your website. Put up a notice to let people know what’s happening.
You may need to completely reformat computers and restore them with safe data. At the very worst, you might need to buy new computers. If software is at fault, your supplier may have a patch to solve the issue; companies like Microsoft send you updates to Windows regularly.
If your passwords were stolen, then update them all quickly and make them harder to crack next time around.
- Rebuild your position.
As an entrepreneur, hacking will teach you that replacing your old security setup with a tighter fitting deal is imperative. If all activity is logged you might be able to see a spike early to raise your suspicions. It will also close down the opportunities for being hacked from inside.
Finally, think about the security of financial data. Some companies only allow one computer (offline most of the time) to carry out the business banking, business transactions and other particular events that a hacker wishes to exploit.