What to do if your business is being held to ransom
Cybercrime, both against businesses and individuals, is becoming more common. It’s frightening and a major issue for businesses, which can end up having a big impact on your finances. There are also some pretty heavy potential legal issues to think about too, especially if your customers’ data has been compromised.
Contrary to popular belief, it’s mainly small businesses that face the brunt of attacks. While large corporations face being bombarded by hacks on a daily basis, they often have entire departments dedicated to fighting off cyber attacks and blackmail attempts. Small businesses and individuals, however, often feel incredibly vulnerable to attacks. Here’s a quick guide on how to deal with a cyber attack.
Make it as difficult as possible for the hackers to get in
The best form of offence is a strong defence. By making sure your online profile is fully protected, you can prevent most attempts at ‘Denial of Service’ attacks and other online cyber attacks at source. However, if they do manage to get through and hold you to ransom, the most important thing is to isolate your system as quickly as possible. If the attack is directed at a particular computer, then make sure it is immediately taken off-line and cannot infect other computers on the same network.
Inform the authorities
It is a crime for a hacker to attempt to extort money from you by locking your computer or threatening to publish damaging information about you. Talk immediately to your local police, who will put you in touch with their Cybercrime Unit. They have techniques and software they can use to trace the source of the attack.
Inform your customers immediately
Don’t do what several large organisations have done in recent years and try and hide the attack from your customers. Tell them immediately that their data may have been compromised and keep them updated on what you’re doing to rectify the situation.
Don’t be fooled into thinking the hacker’s a ‘good guy’
One of the most common scams carried out by hackers is to claim that they are ‘online security experts’ and have hacked into your system to demonstrate weaknesses inherent within your network. For a ‘fee’ they’ll unlock your computer and tell you how they did it. The variation on this is to victim-blame, saying that it’s your own fault your security is weak, and unless you pay them they’ll pass on details about access points to your systems to other hackers.
Don’t pay them
With so much vulnerable data at risk (and the corresponding cost to businesses if that data is then released out into the wilds of the internet), many businesses simply comply and pay up. That, unfortunately, does not mean the threat has passed. They still have your data and can continue to blackmail you for as long as they want. With Denial of Service attacks or lock-outs, your hacker may give you a certain amount of time to comply. The best thing you can do at this point is to immediately inform the police and work with them, following their instructions on a case-by-case basis.
Will I get my day in court?
If we’re being totally honest, the probable answer is no. Most cyber-attacks originate from the other side of the world, not your local neighbourhood (although making sure your Wi-Fi network is properly pass-worded and protected is key to stopping ‘drive-by’ hackers gaining access). So the chances that you’ll see the perpetrator behind bars for their crimes is small. However, your evidence could be crucial to protecting not just yourself in the future, but other businesses too. Always make sure you work with the authorities, and make sure you have legal advice, especially if your clients’ data has been compromised. Remember, under the new GDPR regulations, you are responsible for the security of your customers’ information, so a cyber-attack could damage much more than just your finances – it could decimate your reputation and client trust levels as well.
If you would like any more information in relation to this article then please feel free to contact me via email: jon.gough@bowlinglaw.co.uk or visit my profile.
Website content note: This is not legal advice; it is intended to provide information of legal interest about current legal issues.
