The expansion of the digital world that occurred with the development of information technology has changed, and continues to change, the way we live. The innovations of the last decades have eliminated distances, accelerated the world, and created a universe of possibilities.
For companies, the arrival of technology represented the achievement of new levels of productivity, control, and analysis. Today we can say that businesses in their overwhelming majority need the digital world in operation, whether for production, management, or sales.
However, the world wide web is home to almost as many risks as opportunities. Hackers, cybercriminals, are numerous and spread across the planet, acting in the shadows to carry out cyber attacks against citizens, companies, and even governments.
Although some of these are motivated by political convictions or other personal factors (such as revenge, for example), most hackers carry out a cyber attack with the aim of illicit enrichment, making companies of all sizes a recurring target for these digital criminals.
Has your company suffered a cyber attack? What to do?
In recent years, there has been a growing increase in virtual crimes in Brazil and worldwide, with highlights for the pandemic years, when we were more connected than ever due to the covid-19 containment measures.
A study on the impact of the pandemic on digital security produced by Ernest & Young estimated a 300% increase in attacks against companies worldwide compared to the pre-pandemic period.
This scenario has been reinforcing the investment in digital security by companies, whether in hiring solutions, reinforcing infrastructure, or training people.
And it’s no wonder. A cyber attack can represent severe losses and drastically compromise operation. Faced with this risk, it is essential not only to take preventive measures but also to know what to do when your company becomes a victim.
At this point, you need to act fast, adopting the following steps.
1- Notify the network security manager
As soon as the cybercrime is noticed, the first step is to notify the network security manager, whether an employee of the information technology department or a contracted third-party company.
Also, remember to record as much of the hackers’ actions as possible in order to produce evidence of the crime and contribute to the investigation.
2- Inform your customers, suppliers, and partners
There is no shame in being a victim of a cyber attack, so do not delay in informing customers, suppliers, and partners about what is happening. This is also a way for them to prevent potential digital scams and invasions that may result from data hijacking, for example.
Remember that transparency is fundamental in consumer relations today. It will be worse if your customers find out what happened through other means.
3- If possible, contain
In many cases, the invasion does not reach the totality of the network, systems, and databases at once, making it possible to act to limit the hackers’ advance, such as changing passwords or isolating the infected components from the network.
4- Do not pay ransom for data
One of the most common types of virtual attacks against companies aims to hijack the database, requiring victims to pay a ransom to regain access to the information. If this happens in your company, it is essential not to let despair take over.
Never pay the ransom to criminals. Payment does not guarantee that they will comply with the agreement, and it is not uncommon for such cases to become extortion, with hackers always demanding more money with each contact.
*If you still do not regularly back up your company’s data, what are you waiting for? Being a victim of a ransomware attack and losing all your information? Do not wait.
5- Report to authorities
Reporting the crime is a fundamental step. Unfortunately, many still resist reporting cybercrimes due to doubts about the effectiveness of the measure or even out of shame for being victims of scams.
Cybercrimes can be reported at any police station, and victim support is guaranteed by Law 12,731/2012 of the Penal Code.
Before filing the police report, however, it will be necessary to collect evidence of the crime, registering it in a notary’s office. At this point, hiring a digital forensic expert allows you to find more robust evidence with legal value, instrumentalizing the investigation with information that facilitates the identification and capture of criminals.
And then?
Well, the truth is that after suffering a cyber attack, life goes on, after all, your company cannot stop. Ideally, you should carefully scan the network, change passwords and access credentials, recover data from backup, and reinforce good security practices to avoid becoming a victim of this type of crime again.
Furthermore, it is important to collaborate with the investigation and demand results, thus helping to strengthen the fight against cybercrimes in our country.
On our blog and STWBrasil’s social media channels, you will find content that helps reinforce your company’s information security and reduce your risks of being a victim of a hacker attack. Join us!
Until next time!
