What to do in the event of a cyber incident?
As an entrepreneur, most likely you will be affected by a cyber incident at some point. Fortunately, you have prepared yourself with the information in this article. Here you will find explanations and useful tips that you can use to prepare, not only yourself, but also your employees.
What is a cyber incident?
The disruption of your digital environment is a cyber incident. You will probably think of hackers, but a disruption can also be caused by a telecom or power failure. We speak of an incident if one or more of the following is the case:
- Reduced availability: This occurs when it is not possible (or limited) to continue using information and systems.
- Decreased Integrity: This occurs when information in the systems is no longer complete or correct. Or if adjustments have been made by an authorised employee.
- Decreased Confidentiality: This can happen when unauthorised people gain access to (business-critical) information in systems. The more sensitive the systems, the greater the breach of confidentiality.
Examples of a cyber incident
- Internet connection is unavailable;
- Customer data is not (or no longer) correct;
- Employee salary data is publicly available;
- You are a victim of ransomware
- The mobile card machine is not working;
- Accounting program is no longer accessible.
How to recognise a cyber incident?
You need to be able to recognise a cyber incident before you can take action. The characteristics of a cyber incident are not always the same. They can take on many forms, but the following things can be a signal:
- Device speed decreases;
- Certain information is no longer (properly) accessible;
- Strange messages are showing on your devices;
- You receive (email) messages from people saying you have been hacked;
- Website or company network are no longer accessible.
The clearest forms of a cyber incident are, for example, making your company website inaccessible (DDOS attack) or becoming a victim of ransomware. But it will not always be so obvious. So, stay alert to the above signals and take action if you do not trust the situation. For example, hire an expert to investigate the symptoms.
Prepare for a cyber incident
Preparation is half the battle. In the Cyber Incident Checklist (pdf, in Dutch), you will find some simple tools that will enable you to prepare for a cyber incident. In most cases, you will need help from others. By recording the contact details of those helpers, you will be prepared and able to respond immediately.Of course, you want your employees to know what to do. Hang the check list by the coffee machine. Make sure you create a logbook in which you record the course of an incident. This will help you find a cause and file a report, or an insurance or liability claim.
Step-by-step guide to prepare for a cyber incident
Download the checklist and call list
Complete the call list. Write down all relevant phone numbers of auxiliaries you need in case of a cyber incident and keep this in printed form. If your IT systems are down, this printout is invaluable. For important phone numbers, think of: IT service providers (office automation, website, cloud services), but also think of parties you have a digital link with such as suppliers or other partners.
Discuss the checklist and call list in your organisation. Make sure everyone is aware of what is expected of them. One way to do this is to practice cyber incidents within your organisation.
Hang the 2 lists in a visible place for all employees
Stay calm. Have you been hit by a cyber incident? Stay calm and reflect, and call your IT manager!