What to Do in the First 60 Minutes of a Cyberattack

Cyberattacks are not to be underestimated. The damage that they can do—even in the first hours—is considerable. This means you need to have a strategy to respond to these incidents, conveniently called an incident response plan.

This procedure should be both tested and documented, preparing you to withstand any cyberattack with minimal damage or disruption. As you might expect, the first hour or so will be a crucial period during this process. Let’s go over what you need to do.

Essential Actions to Take in the First 60 Minutes of a Cyberattack

To be clear, this is not the stage at which you should try to fix everything. This is when you need to be in damage control mode and prepare your recovery measures.

What You Need to Do:

Contain the Threat
Before anything else, you need to keep whatever it is that’s impacting your systems from spreading further. That might mean shutting down a server or disconnecting a workstation from the network. Once you’ve stopped the spread of the attack, you can move on to the next step.

Communicate with Contacts
You should have a communication tree laid out and planned for these kinds of events, specifically one that outlines who is responsible for what. Who’s the person who informs the boss of what’s going on, and who reaches out to your business’ insurance provider and legal representation? Critically, someone needs to reach out to your IT provider (ideally, us), so who is assigned to do so? Getting everyone up to speed will be crucial to successfully navigating this kind of event.

Control Communication
As you’re sorting through the cyberattack, ensure that your business has a single point of contact handling all public communications regarding the incident. Outside of that person, your staff should not speak publicly, which will help avoid misinformation being spread and prevent your business from being liable.

Create a Record
Ensure that you document everything, including when the incident was discovered, what data was breached, and the steps taken to resolve the incident. Critically, wait for IT’s go-ahead before deleting any data from or even turning off an infected machine, as these actions can destroy valuable evidence.

This Barely Scratches the Surface of What an Incident Response Plan Should Look Like

This critical process is not one to neglect, and the only thing more important than having such a plan is to have the security that prevents you from having to use it. We can help on all fronts.

We’ll not only implement strong protections to keep your business safe, but we’ll also help you craft, test, and implement all the plans that a business needs, including an incident response plan. Ready to get started? Give us a call at (804) 264-9339.