Just Being Proactive Isn't Enough: What Entrepreneurs Should Do During a Cyberattack
Last month, the WannaCry ransomware attack, according to Reuters, struck more than 150 nations, affecting upwards of 200,000 computers.
Cyence, a firm specializing in cyberrisk modeling, estimated the total economic damage to be around $4 billion. Victims ranged from individual users to massive organizations, including transportation systems in Germany, a communications firm in Spain and hospitals in Britain.
With WannaCry's ability to overtake large enterprises and major networks on full display, smaller businesses were left wondering what hope they had against similar attacks.
Small businesses fighting big attacks
Most business leaders think -- or should think -- about proactive and preventive measures when they think about cybersecurity. "Proactive" precautions include instituting a managed firewall and antivirus software.
Yet, while these measures are essential, they're no guarantee for avoiding an attack. When a ransomware event does occur, small business owners and entrepreneurs need to know what to do, to repair (or at least minimize) the damage.
Hopefully, such an attack will never happen to your business. But if the worst occurs, here are some steps to take:
1. Act fast with communications.
Ransomware attacks leave no time to waste -- by the time a U.K. researcher slowed WannaCry (24 hours after the attack began), Healthcare IT News reported that the attack had already affected more than 100 countries. Once a small business owner recognizes his or her business is under attack, it's critical to begin communications right away.
Leaders should communicate next steps to the rest of their company. In some cases, they'll also need to alert their customers.
Reporting an attack to the authorities matters, too; the FBI has described criminal cyberattacks as being within its purview. Informing federal law enforcement can help ensure more organizations around the country don't also fall victim, especially when the attack is as far-reaching as WannaCry was.
2. Isolate infected machines.
It can't be said enough: Attacks move quickly from one machine to the next. According to Malwarebytes, when WannaCry was installed on a computer, its code allowed it to spread to other vulnerable machines on the network. This isn't uncommon for ransomware attacks.
Companies, then, must do their best to slow the spread as best they can. Specifically, company leaders need to remove affected computers from their network as soon as they've identified the infected machines.
3. Document and understand effects before attempting to fix them.
Not all cyberattacks are alike. At best, an attack might take away a specific capability, such as browsing the web; at worst, it might encrypt every last file on a machine, thwarting operations entirely and compromising customer data.
In some cases, WannaCry's effects were astonishingly severe. The British National Health Service reported that WannaCry forced it to shut down 16 of its computer networks, which meant hospitals had to deny care to all patients whose health wasn't immediately threatened. That's far different from losing internet access for a period of time, and its consequences are just as distinct.
A proactive plan of response is the most effective prevention for a cyberattack, but even the most thorough cybersecurity measures won't completely immunize an organization; there's simply no way to ensure, beyond a shadow of a doubt, that a business won't fall victim to a ransomware attack.
When hackers do strike, taking the above measures may reduce the impact and help speed up the recovery process. That way, small business owners can return to business as usual in as little time as possible.