What Steps to Take When Your Website Has a Cyber Security Breach
Recent studies into the global economic impact of cybercrime estimate an annual cost of nearly $1 trillion. For many businesses that are the victims of a cyber security breach, the effect is not simply a financial one. It can have wider implications for trade, competitiveness and technological development. In the event of an attack on a website, business owners should be aware of the key steps to take, as soon as possible, to protect their business.
Establish a plan
Any follow-up to a security breach should be guided by a clear and thorough incident response plan, in order to minimise the impact of damage and protect the interests of stakeholders, as well as reduce the cost of recovery. NCC Group have a well-established research and development programme that allows for a comprehensive plan, taking into account unique risks that individual businesses may be exposed to, and incorporating a broad range of IT disciplines into the development of any response strategy.
Record all breaches
In order to take the most appropriate course of action to recover data and identify security shortfalls, it is vital to record all breaches so that your website’s future cyber security is not compromised. All facts pertaining to the breach should be thoroughly noted, including any potential areas of suspicion, the duration of the breach and its effects, and what remedial steps were subsequently taken.
Notify website subscribers
If the website breach has potentially exposed the personal data or compromised the privacy of site subscribers, then it is incumbent upon business owners to notify them of any lapses in cyber security as soon as possible, unless data is already encrypted and does not risk exposure. Subscribers should be given complete details of the breach, including the time and date of the breach, a description of the incident, and what impact it may have on their data. They should also be notified of what steps you have taken in response to the breach and given advice, if required, on any actions they may need to take to protect themselves from the incident.
Evaluate regularly
Few, if any, businesses can regard themselves as immune to the risk of cybercrime, and websites should be audited regularly to ensure that the security systems in place are fully compliant with all legal requirements, as well as being technologically up to date. Regular evaluations are particularly important for developing businesses, as they will be required to navigate a growing number of certifications, as well as manage an increasing flow of data from users. Networks should be assessed to identify areas of vulnerability, while regular penetration tests will highlight potential areas of concern. In order to be able to manage website security effectively, businesses should consider an organised security package that offers an intelligent risk dashboard and transparent user interface, to improve ease of use.