What Should I Do If My Business Is Hacked?

Running a business can be challenging enough without the constant threat of cyber criminals trying to hack businesses in an attempt to hold critical data at ransom, steal hard earned cash or simply cause disruption.

With cyber crime on the rise in the UK year-on-year you may need to start thinking of what you’ll do ‘when’ your business is hacked, not ‘if’ it is.

Regardless of how much time and investment you’ve made to protect your business, nothing is bullet proof.

Cyber criminals know exactly what types of cyber security solutions they need to breach and spend their time looking for ways to do exactly this, whether it be through back-door loopholes or through exploiting the curiosity of their fellow humans.

Statistically the chances of getting hacked are getting bigger and bigger and whilst you have (hopefully) done everything you can to reduce your risk, we’ve put together the following guide to help you react quickly and sensibly should the worst happen…

Book A Free IT Security Review

— Worth £1,495 —

We’ll analyse your existing IT set up along with your business needs and provide you with a visual map of your existing IT network and our recommended solution. Want to know more?

1. Don’t Panic & Act Fast

Many businesses before you have fallen foul of a cyber breach and many more will after you. For the vast majority of these businesses (in fact, virtually of all of them) a cyber breach alone would not be the end of their business.

A cyber breach will cost you time, it may cost you money and it may impact your reputation, however if you deal with the situation sensibly and quickly you can reduce the negative impact that it might have.

Knowing that your business has been hacked may be very obvious but there are a number of things to look out for that could suggest you have been hacked, or are in the process of being hacked. Some activity is only ever likely to be spotted by specialised software or IT experts who understand what they are looking for, however everyone should be cautious if they spot any of the following…

Reports from colleagues or close contacts that they have received emails from you with attachments or links to files
The inability to access files on your PC/laptop or on the company network, especially if they are accompanied by messages mentioning “ransomware” or similar
Emails reporting login attempts to your accounts at times, or from locations, that were not you
Changes to data in your internal systems, particularly changes to financial systems and payment details
Repeated and unexpected browser or system popups
Internet searches being redirected when you know you’ve typed in the correct address

If, for any of the reasons above, or for any other reason at all, that you suspect that you have been the victim of a cyber attack then it’s important to get an IT and cyber security specialist involved quickly.

Assuming you have an internal IT team or an IT support partner then you need to inform them of the situation, with as much detail, as quickly as possible.
If you don’t have an internal team or an IT support partner, then you will need to find someone to help who can offer cyber attack remediation work as soon as possible. However, it’s worth noting that having an IT partner in place before a cyber breach happens will save valuable time in terms of getting access to your systems and being able to deal with any issues that have been caused.

2. Identify & Remediate

Once an IT specialist is involved, they will begin the process of identifying which elements of your IT network have been affected. Depending on the type of attack this could be as little as one user’s device through to the entire network.

One of the more common attacks in recent years is known as ‘ransomware’, a piece of software that encrypts files on any PC, laptop, server, or data storage device it can access. This effectively scrambles the data, preventing an end user from accessing it unless they have the (very complex) key to unlock the files. Often, the cyber criminals will request a ransom fee, to be paid in cryptocurrency, in order to hand over the key and unlock the files.

In this scenario (which is quite extreme, but fairly common), and many similar ones, you generally have two options – fix the problem or recover your data from a backup.

In the event of ransomware the “fix” to the problem is to pay the ransom. This, in theory, would return your files as they were before they were encrypted, however this isn’t always the case.

In Sophos’ “The State of Ransomware 2021” report it was found that:

Only 8% of businesses recovered all of their data after paying a ransom
recovered no more than half of their data after paying a ransom
average amount of data recovered after paying a ransom was 65%

With these statistics in mind, paying the ransom is certainly the quickest and easiest way of resolving an issue like ransomware, but it is not guaranteed to work. If you do decide to go down this route however, your IT partner will be able to liaise with the cyber criminals on your behalf in order to recover as much data as possible.

Your other option is to recover your data from backup. The effectiveness of this option relies entirely on your own backup processes and procedures and for many businesses would mean losing data that was anything between 1 hour and 1 week old. If your backup process is not in place, tested and robust though, this may not be the situation for you (and you should check this ASAP).

If your backup is working and available, then the process of restoring your data should be fairly simple one for your IT team or IT partner.

Identifying the issues and rectifying them may not happen immediately so whilst this process is ongoing it’s worth considering your next steps as soon as you can too…

3. Disclose

Since GDPR was implemented in the UK, it is now a legal requirement to report any data breaches which involve the “accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data” with 72 hours of identifying an issue.

Whilst this may be a difficult situation to understand, the ICO, the body who oversee GDPR, have a very helpful website which not only includes a huge amount of information but also a self-assessment process to help you understand if you need to report your breach.

The simplest and easiest thing to do is to complete this self-assessment form and follow the process it advises.

It’s worth noting that one of the questions you will be asked is “what are you doing as a result of the breach?” and you will be expected to provide a plan on the steps you will be taking. These steps could include anything from a change of procedure, heightened cyber security software implementation or additional staff training.

During the “Identify and Remediate” your IT team or IT partner should also be looking for evidence of how the attack was initiated. The information about how your network was breached will allow you to put in steps to prevent it happening again and will clearly show the ICO that you are aware of any issues and have a plan to rectify them.

Reporting a breach does not guarantee that you will be fined and if you have taken cyber security seriously before the breach and have a plan to improve it afterwards, then you are much more likely to be looked upon favourably.

Failing to report the breach altogether has much more significant consequences and if it is later found that personal data was affected in your security breach then you could be fined up to £8.7 million, or 2% of your global turnover, whichever is higher. It’s not a risk worth taking!

The HBP GroupWho Are We?

Our organisation consists of three businesses; HBP Systems Ltd. Kamarin Computers Ltd and Jugo Systems. HBP are based in Lincolnshire, Kamarin in Cambridgeshire and Jugo in Hampshire. Between us we cover the vast majority of the UK and work under The HBP Group name to provide a seamless service between our northern and southern offices.

About Us

We specialise in providing IT solutions and support to businesses to ensure they use technology effectively and efficiently and can focus on what they do best – running their business.

The HBP Group Structure showing HBP Systems, Kamarin Computers and Jugo Systems