Recently, such high-profile people such as Michelle Obama, Beyonce, Vice President Biden, Jay-Z and others had their financial information hacked. And they are not alone, besides individual hackers often target business accounts. In fact, according to a 2011 survey conducted by Ponemon Research on behalf of Juniper Networks, 90% of businesses say they have been hacked.
How to handle a company hack
If your business has been hacked, there are steps you need to take immediately, says James Bower, founder and CEO of Atlanta-based information security company Ninja Technologies:
1) Communicate the problem. Hackers now have access to all your financial information so it is best to alert your bankers—and fast. “Contact your bank manager immediately and let them know of the breach,” says Bower. “Banks can take several weeks to months dealing with this before you have any chance of recouping any money that was stolen so starting this process as soon as possible is critical.” You will also need to change all of your passwords.
2) Investigate the incident. In order to prevent a breach from occurring again, you need to investigate the current incident. “Try to identify how the breach occurred,” Bower points out. “An inventory of every computer and software that has access to banking information is needed whether it’s a home laptop that’s been used to check the business accounts or a piece of accounting software that links to the bank account.” Seek out help in order to get to the bottom of the cause for the hack. “Calling in an information security company is always advised as they can more quickly help to identify how the breach occurred and what steps need to be taken to lock out the intruder and prevent future breaches,” explains Bower.
3) Let your business partners know. “Call vendors and explain the situation. Most companies balk at this but when vendors and creditors are made aware of the situation they are much more likely to give payment leeway than if they were kept in the dark,” says Bower. “The biggest mistake we see companies make is assuming that their networks and data are secure. This almost always comes from the assumption that is made by management that the company’s IT department is ensuring that data and network access are secure.”
4) Beef up your cyber security. In today’s workplace, cyber attacks have to be something you guard against. So prepare for them. “Most IT departments have little or no security training and do not have the time to take a proactive approach to security and instead turn a blind eye,” says Bower. “Companies can beef up their cyber security by taking a proactive mindset towards security.” Just as you have emergency drills, have a cyber emergency drill. “The best way to handle this is to routinely have vulnerability assessments and penetration testing done by trusted and qualified information security companies,” suggests Bower. “These types of evaluations can show a company where they are most vulnerable so that the company’s IT department can focus on those specific areas.”