A hacker attack usually takes place quietly, because the intervention in one’s own company network or company system is not immediately recognized. It is usually a successful or unsuccessful attempt to disable computers or servers, steal data or use a compromised computer system for further attacks. It can take several days up to a few months until the exploited vulnerability, the damage caused to the attacker, is detected. Therefore, a corresponding IT security structure for prevention with high standards in the area of Internet security is advisable and, above all, recommended. A well-established system can act as an early warning system and recognize atypical actions and, if necessary, also block and limit them. What to do if attacked by a cybercriminal
Table of Contents
The digital age increases hacker attacks and cybercrime
Hacker attacks or cyber attacks can have serious consequences for companies: data loss, data misuse or even destroyed business relationships. Such an attack can threaten small and medium-sized companies with financial ruin. The standard repertoire of cyber criminals is expanding from year to year, the hacker attacks are becoming more creative, more complex and more difficult for the user to recognize.
First Aid in a Hacker Attack – You Can Do It!
Hacker attacks can vary widely and manifest themselves in different ways. Here are a few well-known and common hacker scenarios, how you express an intrusion into a company network and how you can recognize this attack:
- An employee is suddenly online and in the system at unusual times
- There is suddenly increased data transfer in the company network / the server is severely restricted and slow
- Protection racket extortions are popping up on your screens
- Duplicates of your product appear on the market
- Customer data pops up on the internet
- Passwords and access data have been changed
- Questionable e-mails are sent from your or the employee’s account
- The company website was defaced and rendered unusable
Step 1: Physically disconnect devices, turn them off, or turn them off in the event of a cyber attack
Do you suspect that your company network has been compromised or that processes and actions are being carried out in an atypical manner in the system, or are there concrete indications of this? In this case, switch off all devices, computers and servers and disconnect the physical connection to the company network, Internet connection and WLAN connections. This measure is intended to lock out attackers, deny access to the company, so that they can no longer cause damage until this point in time. After step four, you can hand over the device, computer or server to a specialist who will find the vulnerability, close it and, if possible, repair the damage done.
If your company infrastructure is in a data center or you use cloud services, contact your provider immediately, report the incident and continue with step two.
Also Read: The Problem With Passwords
Step 2: Change passwords when attacked
One of the common problems in everyday life is passwords that are used too “simple”. Since it is not known exactly how the attacker or hacker got into the company network, after the devices have been switched off, the individual connections must be disconnected and all passwords used and access data for the most important services changed.
- System logins
- Employee additions and the associated email addresses
- E-banking and login to major payment providers
- Platforms and partner networks
- Social media accounts
3rd step: Analysis of the hacker attack and determination of the damage
After access to the company network from outside has been blocked and the passwords have been changed so that theoretically no further damage can be caused by attackers, the damage assessment can be checked.
When checking the company network, accounts, accesses and the system are analyzed under the following aspects:
- How did the hacker get into the system? How to close the vulnerability?
- What specific damage did the hacker cause?
- Has data been changed or deleted?
- Has important data been downloaded?
- Has data been made publicly available?
- Which accounts and accesses were used?
- Have emails been sent?
- Did the attacker ask you for new passwords from other services that require email confirmation?
Step 4: File a complaint and officially report the damage
The suspicion of a hacker attack has been confirmed? Contact the police. They can work with your appropriate cybercrime department to take a look at the damage and traces and further investigate and hold the cybercriminals accountable. Finally, you can file a complaint with the police or the public prosecutor’s office.
Step 5: Fulfill your own obligations in the area of data protection
Involve your data protection officer, person responsible or the processor within the meaning of the GDPR and check the situation from the point of view of data protection. Here, the insufficient technical and organizational measures according to Art. 32 GDPR are checked. If human error (e.g. opening an e-mail attachment with malware) is responsible for the attack, appropriate measures such as regular employee training should take place and virus protection should be improved.
If personal data (e.g. customer data) was compromised, deleted or changed during the hacker attack, the incident must be reported to the competent supervisory authority for data protection within 72 hours of the data breach becoming known in accordance with Art. 33 GDPR. In addition, there is an obligation to notify the third parties concerned in accordance with Art. 34 GDPR. This can be customers, business partners and service providers.
6th step: communication
The right communication is crucial in the situation! First of all, all employees in the company are informed about the incident and instructed that they are sensitized and can act on the measures. Subsequently, after inspection, affected customers and partners can be informed that their data was affected by the attack and in the last step the media can be informed about the attack. An external communications professional can support you in such a challenging time.
7. Consider further measures
Consider what additional data could be related to or affected by the attack. Accordingly, there are further measures, for example:
- Control of payment providers or blocking of compromised payment and credit cards.
- Has data been published on the Internet without authorization? Then notify the respective provider and/or hosting provider and request deletion (Art. 17 DS-GVO). If this is not successful, see point 7.
- Search engine operators can be asked to hide hurtful or defamatory hits (e.g. remove information from Google ).
9th step: Restoring the data of the different systems and the IT structure
After you and your employees have analyzed and logged the situation and the police have completed their work on site, you can concentrate on restoring the data, the system and your IT structure. Experts and specialized providers help you to repair and, if possible, restore your infrastructure.
Prevention of hacker attacks and cyber attacks
As already mentioned in the introduction to the article, hacker attacks can vary greatly. Make yourself and your employees aware that they pay attention to the little things and integrate a high security standard into your company network. Access and passwords should also be selected according to “difficult”. Test and optimize your security standard in the IT structure regularly and regularly adapt it to the common attack scenarios.
Also Read: Cover The Webcam And Defend Against Hackers