This blog post is the fifth entry in a six-part series discussing the best practices relating to cyber security. The previous post discussed the important steps that a business should take to preserve evidence and information once a cyberattack has been identified. This post will discuss the individuals and organizations that should be notified once a cyberattack occurs. The four most important groups to contact are (1) individuals within the business, (2) law enforcement officials, (3) the Department of Homeland Security, and (4) other possible victims.
Individuals within the Business
A business’ Response Plan should list the specific employees to be contacted once a business has been attacked. These employees normally include the senior executives, information technology officers, public affairs officials, and a business’ legal counsel. Multiple methods of communication for each employee, including cell phone numbers, home phone numbers, and personal email addresses, should be listed in the Response Plan. These critically important individuals should be contacted at the first sign of a cyber incident.
Law Enforcement Officials
Law enforcement officials should be contacted once a business suspects that its cyber incident is a result of criminal activity. A business should not hesitate to contact law enforcement even if it fears that its business operations will be disrupted. Both the FBI and the U.S. Secret Service prioritize their ability to work around a business’ normal operations when conducting an investigation. These government organizations will work with a business to ensure that sensitive information is not released and that the business’ reputation is not unnecessarily tarnished. Both groups will help the company release a press statement and decide what information is necessary to disclose to shareholders. In addition, law enforcement officials are able to receive support from international counterparts in order to track stolen data around the globe.
The Department of Homeland Security
The National Cybersecurity & Communications Integration Center (NCCIC) is a branch of the Department of Homeland Security that provides continuous updates on cyber incidents, cybersecurity information, and recovery efforts. By alerting the NCCIC to a cyber incident, a business is able to share and receive information that may be beneficial in its recovery efforts. A business should keep in regular contact with the NCCIC, even if it is not experiencing a cyber incident, in order to stay alert to the latest trends in cyberattacks.
Other Potential Victims
After a business discovers a cyberattack, it should alert other businesses in its network because they are potential victims. Cyberattacks often use network communications between businesses to spread malware and disrupt workflow. Notifying other businesses may allow them to take preventative measures and insulate themselves from possible attacks. If a business does not feel comfortable contacting other potential victims, it should communicate through law enforcement officials. Victims may also be able to share information to assist each other in managing the cyber incident and discovering the source of the cyberattack.
The next blog post will discuss what a business should not do after a cyberattack and how a business should begin to recover.