Contact / About

2013-12-20

What Steps to take When Your Website Has a Cyber Security Breach

Recent studies into the global economic impact of cybercrime estimate an annual cost of nearly $1 trillion. For many businesses who are the victims of a cyber security breach, the effect is not simply a financial one. It can have wider implications for trade, competitiveness and technological development. In the event of an attack on a website, business owners should be aware of key steps to take to protect their business, as soon as possible.







Establish a plan

Any follow up of a security breach should be guided by a clear and thorough incident response plan, in order to minimise the impact of damage and protect the interests of stakeholders, as well as reducing the cost of recovery. NCC Group have a well-established research and development programme that allows for a comprehensive plan, taking into account unique risks that individual businesses may be exposed to, and incorporating a broad range of IT disciplines into the development of any response strategy.




Record all breaches

In order to take the most appropriate course of action to recover data and identify security shortfalls, it is vital to record all breaches so that your website’s future cyber security is not compromised. All facts pertaining to the event of the breach should be thoroughly noted, including any potential areas of suspicion, duration of the breach and its effects, and what remedial steps were subsequently taken.




Notify website subscribers

If the website breach has potentially revealed the personal data or the privacy of site subscribers, then it is incumbent upon business owners to notify them of any lapses in cyber security as soon as possible, unless data is already encrypted and does not risk exposure. Subscribers should be given complete details of the breach, including the time and date of the breach, a description of the incident, and what impact it may have on their data. They should also be notified of what steps you have taken in response to the breach and given advice, if required, on any actions they may need to take to protect themselves from the incident.




Evaluate regularly

Few, if any, businesses can regard themselves as immune to the risk of cybercrime and websites should regularly be audited to ensure that security systems in place are fully compliant with all legal requirements, as well as being technologically up to date. Regular evaluations are particularly important for developing businesses, as they will be required to navigate a growing number of certifications, as well as manage an increasing flow of data from users. Networks should be assessed to identify areas of vulnerability, while regular penetration tests will highlight potential areas of concern. In order to be able to manage website security effectively, businesses should consider an organised security package that offers an intelligent risk dashboard and transparent user interface, to improve ease of use.