How to Prepare for a Cyber Attack (at Work and at Home)

You will be a victim of a cyber attack at some point. They happen so frequently these days, with new security gaps being discovered and exploited every day. No matter how safe you’re being online, you’re human. You can easily slip up — and cyber attackers these days are relentless.

Where does this leave you? In addition to taking steps to beef up your online security, you should also have a plan in place in case a cyber attack does happen. Knowing how to prepare for a cyber attack, both at work and at home, can make dealing with the attack a lot easier.

How to Prepare Your Company for a Cyber Attack

Companies of all sizes can be the victims of cyber attacks. A robust cybersecurity program should be part of any business plan, especially for companies working with remote employees. You can prepare before, immediately after, and in the weeks after a cyber attack.

Before the cyber attack

• Backups, backups, backups: Your company should be backing up its data regularly. Keep your files in an encrypted file storage device. When a cyber attack hits, you want to be able to get your business back online as quickly as possible. Backups ensure you do. 
• Have an incident response plan: Make a plan you and your team can follow when a cyber attack does happen. Each department head should know what they need to do ahead of time so you aren’t running around frantically trying to give orders during the breach.
• Keep logs: Work with a cybersecurity consultant to have some monitoring in place. Keep logs of suspicious activity so you have the information you can evaluate afterward to figure out what happened and how the cyber attacker got in.
• Run pen-testing drills: Pentesting is when you pay experts to try and break into your system — these specialists are called “ethical” hackers because they use hacking skills to help businesses shore up their defenses. They can simulate a cyber attack on your company and let you know where the weak spots are.

Immediately after the cyber attack

• Disconnect the internet: Try to stop the bleeding as much as possible by taking your company’s network offline. Ensure your employees disconnect as well, at least while you’re in immediate damage control mode.
• Check on your firewall settings: Ensure your firewall is active and your antivirus software is updated. You don’t want anything else getting through.
• Change your passwords: Start securing your accounts by changing passwords and checking security settings. Ask your employees to change their passwords as well.
• Turn off remote access: If you allow any of your employees to remotely access your network, cut it off right away. You need to reduce the number of ways attackers could find their way in.

In the days after the cyber attack

• Assess the damage: Check security data logs from your email, firewall, and antivirus providers to try and find the source of the breach. If your company was part of a broader attack that affected other businesses, follow updates on the situation from trusted sources.
• Identify those affected: Figure out who’s been impacted by the cyber attack sooner rather than later. It could have reached employees, customers, or third-party vendors, and they should know about the potential dangers right away.
• Educate your staff: Once you’ve determined the cause of the breach and managed to re-secure your systems, take the time to inform your staff. Also, consider holding a training session about cybersecurity best practices to help prevent a similar event from occurring again.
• Contact your cyber insurance carrier: If you have cyber insurance, you should contact your carrier after the incident to let them know what happened. This is when having security logs pertaining to the breach comes in handy because your insurance provider will no doubt want to look at them.

How to Prepare Your Home for a Cyber Attack

Businesses are often the targets of cyber attacks, but they aren’t the only ones. Home networks can suffer from data breaches as well. Cybercriminals may be after personal information so they can impersonate you, take over your financial accounts, or even sell your info on the dark web.

Before the cyber attack

• Use a password manager: Passwords for all your accounts should be strong and not p@ssw0rd — but so many people still use weak passwords. Get a password manager so you can store all your login credentials for all your accounts.
• Enable stronger authentication methods: Whenever possible, turn on two-factor authentication (2FA) or use biometric authentication to log into your accounts.
• Keep your antivirus software updated: Always make sure all of your software, programs, and apps are up to date. But especially, make sure your antivirus software is updated. Updates for these programs usually contain important security patches.
• Backup your files: Keep a backup of your files on an external storage device that only you have access to. You don’t want to lose everything because of a breach.
• Limit the personal information you share online: Try to keep as much personal information about yourself as private as you can. Don’t use your full or real name when possible, and make your social media accounts private.

Immediately after the cyber attack

• Change the passwords for all your online accounts: As soon as you’ve realized that one of your accounts has been hacked or your home network has been compromised, change all the passwords on your accounts. It’s easier to do if you have them all stored in a password manager.
• Assess the damage: As you’re changing passwords, go through your accounts to check for signs of suspicious activity. 
• Contact your financial institutions: Call your bank or credit card company and let them know you’ve had a data breach. Ask them to implement security measures such as locking your card.
• Let system owners know: Even if the cyber attack was at home, let your work or school know so they can be prepared for a cyber attack, just in case. 

In the days after the cyber attack

• File a complaint with IC3: You can file a report about the cyber attack with the FBI Internet Crime Complaint Center (IC3). They can review it and refer it to another agency for further investigation.
• Report the cyber attack to the local police: Call your local law enforcement and let them know you experienced a cyber attack at home. They’ll be able to take the proper steps to investigate the matter.
• File a report with the OIG: Send a report to the Office of the Inspector General (OIG) if you think your Social Security number was compromised. The OIG investigates cases of SSN fraud, waste, and abuse.

Stay vigilant to prevent a cyber attack

The best way to avoid a cyber attack at work or at home is to be prepared. Once your data has been breached, there is no easy way to undo the damage. In fact, it could take years. Take steps to prepare before a cyber attack takes place and have a plan in case it does happen. Explore our blog to learn how to stay safe online.