This time, that suspicious email from the supposed hacker isn’t a hoax. What should you do?
- Containment — Run anti-virus and malware inspection software. Reset passwords, and contact an IT consultant.
- Alert your web host — Some hosting services provide tips and tools that can assist.
- Inform your customers — This is extremely difficult, but necessary. If there’s a chance customer data has been compromised, then hiding the hack from customers is a bad move and, depending on the nature of the hack and your state data breach law, illegal. Your legal council can advise on compliance with applicable laws, and your agent/broker can advise on what steps your insurer requires.
- Repair damage and rebuild — Don’t try to do this yourself. Hire an IT consulting firm to assist and install new security settings for you. These steps may take considerable effort and cost. A data/cyber risk insurance policy can help cover some or all of the funds needed to protect your business from further damage and get your operations back to normal. Set aside some time to review your options with your agent or broker.