Help! My business has been hacked!
No business or organization can ever be 100% certain it won’t be hacked. But you can control how you react if your business is confronted with a cyber attack or security incident.
This past year, more than half of Belgian businesses were confronted with cybercrime. So, it's not a question of if but when your business will have to deal with a more or less serious cyber incident.
Fortunately, you can limit the impact of an incident on your normal business operations with good preparation. This is done in three steps.
Look for weak spots
First of all, you need to ask yourself where your business is vulnerable. Which ICT processes, infrastructure and applications are essential for your business operations?
Needless to say, this will differ for every business: for an online retailer, the website is indispensable, whereas for a manufacturing company, the ERP system is crucial for business continuity and it's less serious if the website is down.
Document your IT infrastructure in as much detail and as accurately as possible, and also document which users have access to which resources.
Draw up an emergency plan
The second step is to work out a scenario for when an incident occurs. This emergency plan (incident response plan) is an essential component of your ICT security strategy.
The aim is to get your essential infrastructure up and running again as quickly as possible.
In this plan, you indicate who is responsible for handling the incident, for leading the internal team, and for contacting external parties such as the police, your IT supplier, and public institutions.
Don't forget communication
A third and often forgotten element is your communication plan. How you communicate about an incident is extremely important for your image.
Think about how you will inform your customers and suppliers. In case of serious incidents, there's a chance the media will contact your business, so decide in advance who will act as spokesperson.
If, during an incident, personal data was stolen and there is a risk that the persons concerned will be harmed as a result, you must inform them and also alert the Data Protection Authority (formerly, the Privacy Commission).