Cyber Risks and Liabilities Newsletter – September 2021
Steps to Take After Experiencing a Cyber-attack
When a cyber-attack occurs, how your organisation responds can make all the difference in mitigating the damages. In particular, time is of the essence. That’s why it’s vital for your organisation to have an effective cyber-incident response plan in place that specifically addresses key actions to implement immediately following an attack.
During these initial hours, your organisation’s response can help foster business continuity, protect stakeholders, limit legal repercussions and ultimately put a stop to the incident as quickly as possible. Taking steps to quickly contain a cyber-attack or data breach can provide significant financial benefits.
In order to minimise the lasting damage that can often accompany a cyber-attack, employers should consider taking the following steps immediately after an incident occurs:
- Start documenting the incident—As soon as an organisation finds out that a cyber-attack is taking place, it should begin documenting what it knows. This should include when and how the attack was discovered, the technology or data impacted by the attack, and any other supporting evidence regarding the event. This documentation should be updated as more information becomes available.
- Alert key personnel—Members of an organisation’s cyber-incident response team should be briefed and alerted. This may include IT leaders, crisis communication experts, and legal professionals. These individuals should then begin carrying out their designated roles and responsibilities as outlined in the organisation’s cyber-incident response plan. Inform additional employees if necessary.
- Secure all workplace technology—Take any possible steps to secure servers and devices. Take any impacted technology offline, but do not turn devices off, as there could be important evidence available. Launch any backup systems or data required to perform key operations and ensure business continuity (if applicable).
- Seek further assistance—Consult a forensic team or law enforcement to begin an in-depth investigation into the cyber-attack. Reach out to insurance brokers to begin the claim process and receive further assistance.
- Inform appropriate parties—Develop a plan with crisis communication experts and legal professionals to share relevant details of the incident with organisational stakeholders, shareholders and government agencies (if necessary).
For more information, contact us today.
Using Two-factor Authentication
Cyber-security is an essential part of risk management for organisations of all types and sizes. To avoid the potential consequences of a cyber-attack or data breach, employers should strongly consider utilising two-factor authentication.
Two-factor authentication provides an extra layer of security when employees or other users attempt to log in to an organisation’s services, systems or networks. In addition to being asked to enter a password, two-factor authentication also requires a second form of confirmation—even strong passwords can be stolen by hackers. Without a second form of proof being required, these cyber-criminals could potentially gain access to important accounts, private systems, customer files and other sensitive information.
There are a number of different options to consider when it comes to implementing two-factor authentication, including:
- Text messages—By providing a mobile phone number, online services can send users a code that must then be entered to finish the login process. Some services may also be able to provide a voice message instead. It’s worth noting that text messages may not be the safest form of two-factor authentication, as it’s possible for cyber-criminals to gain access to a mobile device, SIM card or mobile network.
- Authenticator apps—These apps for mobile phones or tablets are the most common alternative means of two-factor authentication aside from text messages. These apps, such as the Google Authenticator and Microsoft Authenticator, are compatible with many different online services. This option may be advantageous for some employers as, unlike text messages, they do not require a mobile signal.
- Backup codes—Some online services will provide users with a list of backup codes to use for future logins. This method may be useful if users expect not to have reliable access to a mobile phone. While using this type of two-factor authentication, users should note that each code can only be used once. Lists of backup codes should be stored in secure locations. If a list were to fall into the wrong hands, security would be severely compromised.
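The two offline options above can be illustrated with a short sketch, added here as an example and not taken from the newsletter or from any vendor's app. It assumes the authenticator app uses the standard time-based one-time password algorithm (RFC 6238, HMAC-SHA1), which is why no mobile signal is needed, and it shows backup codes being stored only as salted hashes and accepted once; the names `totp`, `verify_totp` and `BackupCodeStore` are hypothetical.

```python
import hashlib
import hmac
import secrets
import struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code: computed from the shared secret and the clock only."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current 30-second step and +/- `window` steps of clock drift."""
    for drift in range(-window, window + 1):
        expected = totp(secret, unix_time + drift * 30)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return True
    return False

def new_backup_codes(count: int = 10) -> list:
    """Random codes shown to the user once; the service keeps only hashes."""
    return [secrets.token_hex(5) for _ in range(count)]

class BackupCodeStore:
    """Server-side list of unused backup codes, kept as salted PBKDF2 hashes."""

    def __init__(self, codes):
        self._salt = secrets.token_bytes(16)
        self._unused = {self._digest(c) for c in codes}

    def _digest(self, code: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", code.encode(), self._salt, 100_000)

    def redeem(self, code: str) -> bool:
        """True the first time a valid code is presented, False afterwards."""
        digest = self._digest(code)
        if digest in self._unused:
            self._unused.discard(digest)  # each code can only be used once
            return True
        return False

if __name__ == "__main__":
    demo_secret = b"12345678901234567890"  # RFC 6238 test secret, not a real key
    print(totp(demo_secret, 59))
    codes = new_backup_codes(3)
    store = BackupCodeStore(codes)
    print(store.redeem(codes[0]), store.redeem(codes[0]))
```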
The National Cyber Security Centre recommends organisations at least set up two-factor authentication for any ‘high value’ accounts that protect important information. It’s also recommended that email accounts be protected in this manner. Cyber-criminals who hack into an email account may then be able to use that access to reset passwords for other services.
For more information on cyber-security, contact us today.
The NCSC’s New Tool to Report Scam Websites
The public is being recruited to help the National Cyber Security Centre (NCSC) in its fight against cyber-criminals. The NCSC has created a new tool that will allow people to report websites that may be scams.
Cyber-criminals who operate fake websites may attempt to use them to download viruses onto a device or steal passwords.
The NCSC’s new tool requests that members of the public provide the following information:
- A link to the website in question
- Information regarding how a person first encountered the website
- Any other relevant information
After receiving a person’s report, the NCSC will then analyse the website. If it’s found to be malicious, a notice may be issued to the hosting provider for the site to be removed.
The new service will bolster the NCSC’s efforts to combat online scams. Last year, the centre created the Suspicious Email Reporting Service, which allows members of the public to forward suspicious emails to firstname.lastname@example.org.
For more information on scam websites and cyber-security, contact us today.