Four questions that will help you prepare for a cyberattack

Cyberattacks are part of the reality of doing business in today’s world, so any organization –whether large or small – needs to have a plan in place in terms of how they will handle a security breach when it occurs.

There are certain key questions you should be asking right now to ensure you are prepared to act quickly when your systems are hacked. Here are four essential ones:

1. Have I trained all my employees?

Sometimes, the easiest way for a hacker to get in is simply to pose as someone from your organization – such as the IT department – and ask an employee for passwords. Make sure all employees are trained to be aware never to give out passwords, and never to click on something from an unknown source.

All it takes is one tired employee at home to be a little forgetful and accidentally click on a nefarious link. These kinds of social engineering attacks are used in more than 80% of the cyberattacks today, so it is rarely about highly sophisticated technical breaches.

Make sure everyone is aware that suspicious individuals, phone calls, e-mails, links and questions must always be treated with caution.

2. When and how will I tell my customers what happened?

Communicating clearly and quickly with customers about any sensitive information that has been breached is critical. You will need to determine who needs to know what and how to inform them. And the way this is handled can mean a lot for your company’s reputation.

For this reason, your communications team should have someone pre-designated to deal with a crisis, and a cyberattack in particular, so they are ready to advise the minute something goes wrong. If no one on your communications team has experience with this sort of incident, get them trained now.

3. Do I have a designated war team?

This is the team that will assemble to handle the attack. As previously mentioned, it should involve someone from communications and PR in addition to technical, security and legal advisors.

4. Does someone on my team have a point of contact with the GDPR or other relevant authorities?

Every country has some sort of data protection authority, and they have a lot of excellent advice to give. If your company is attacked and you tell them it is the first time that it has happened, they can give you points of contact for assistance.

While cyberattacks are something no company wants to deal with, they are a reality in today’s digital landscape. And the better prepared you are ahead of time, the smoother things will go when a breach occurs.