You’ve been hacked – Now what????

To small and medium business and not for profit organisations the experience of being hacked or your business data appearing on the Internet in the wild is something that is not to be contemplated.

To further compact the problem the fact that it could be two to three years before you discover they it has happened is an even bigger problem.

So what can you do about it.

In most situations, small and medium business do not have many options.

This is where common sense comes into our thinking.

By putting a number of obstacles in the way, obstacles that either an internal malicious person or an external hacker has to jump over before they get anywhere near your data is a good place to start.

You need to start with the following:

  • Start with a number of procedures and policies – Internet policy, email policy, social media policy are a good place to start.    Specify your business expectation so that everyone understands their role.
  • Implement auditing, and more importantly with alerts, so that you know when someone has accessed corporate data without authority.   This will also help with tracking down the incoming and internal culprits.
  • Make sure you have the right technology in place – use the newest and most secure operating systems and make sure they are updated regularly.
  • Get a good anti-virus, anti-malware, anti-spam system the most expensive one you can afford.
  • Treat applications with caution especially applications that are downloaded from the Internet from dubious sites.
  • If you can afford it, run a sand box environment ( a system for testing everything before it goes on the production system) and test them including open ports and access to system resources.
  • Furthermore get a decent firewall / router.   Do not use something that is available from a retail shop, get an all in one system that does firewall, wireless, filtering, application firewall, VPN endpoint and intrusion detection system with a 24/7 warranty.    Get it set up correctly, with as much information being reported back to a central point as possible.
  • Make sure your wireless connection and VPN systems are secure and are on totally different networks so there is a separation between the working environment and a less secure network.
  • Put in place a good DR plan, BC plan and build some resilience into your business.    Make sure you have a secure off site location for all critical business data.
  • Find someone you can talk to, someone with the right knowledge and understanding of your business as well as security and management.  This will help you understand your business requirements and make it easier to implement change within your business, if required.
  • On a final note train your staff, not only in what your expectations are but also what they should do if they experience something that is a little “hinkki”. This is a good place to start as your staff can be your  early warning system for strange occurrences and experiences.

Ok that is the common sense solutions.   T

here are some businesses and organisations that if they are targeted are taking the fight to the hackers.

This includes hiring white hat hackers, creating honey pots and getting as much information on the hacker and either targeting them or setting the police onto them.

To do this though you do need to have a robust system to start off, so don’t take it to the hackers unless you have a system that can handle a prolonged and focused attack.

Roger Smith is the CEO of R & I ICT Consulting Services, Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and author of the SME Digital Security Framework.   Rapid Restart Appliance Creator.   He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world. 

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.