What to do if you suffer a cyber-attack

Our recent Tech Essentials guide to cyber recovery has a wealth of advice and guidance on what you should do if the worst happens and you suffer a cyber-attack. This guide refers to our series of Audit Insights: Cyber Security reports, which posit that ‘you will be compromised’ and that firms need to do ‘the basics’. Below I give an overview of the guidance included in the Tech Essentials guide.

Where to start

Interestingly, the guide suggests that education is a vital component of preparations to resist, respond to and recover from cyber incidents. People must be aware of potential threats and how to respond. It suggests firms should raise cyber-awareness, share real-life examples (the guide is full of them) and provide practical support to employees.

High five

The guide outlines five steps that will lead to a successful response to, and recovery from, adverse cyber incidents:

1. Stay informed

Make every individual in your organisation cyber security aware. Educate them on how to recognise and respond to the main threats.

2. Do the basics

Implement basic technical controls including securing internet connections, devices and software, controlling access to data, systems and services, and protecting against common cyber threats.

3. Plan for the worst

Identify critical assets and cyber threats, develop plans to resist, respond and recover, and integrate them into business continuity plans.

4. Practise and review

Test and review the effectiveness of cyber incident response/business continuity plans at least once a year. Even a desktop run-through can highlight strengths and weaknesses.

5. Lead from the top

Put cyber security, resilience and recovery on the agenda at the highest level of your organisation. Ensure that owners/the board/directors/partners/managers understand threats and risks.

The importance of stories

The guide includes a number of case studies from firms, some of which are very candid in describing what went wrong and what they learnt, in the hope that readers will benefit from their experiences.

  • One talks about spending many thousands of pounds every year on protection, but notes that success also depends on human behaviour.
  • One talks about the impact of a ransomware attack and the fact it escaped disaster thanks to one of the oldest, most basic security procedures – the backup (top tip!).
  • And one talks about managing the fallout of having to admit to a client that a breach had taken place, and the importance of the firm’s relationship with the client and fulfilling its expectations.

Glossary and other resources

The guide includes a glossary and references other material from ICAEW and the NCSC available to members.

The Tech Faculty has worked with other colleagues in ICAEW and has created a step-by-step guide, freely available to all ICAEW members, that provides a detailed cyber-attack response plan. The suggested actions are categorised by immediate actions following a cyber-attack, within 24 hours, next day, before incident closure, and follow-up and lessons learned. Steps are very clear, concise and action-oriented.

The Audit Insights: Cyber Security guides are available to anyone on our thought leadership pages.

The full Tech Essentials guide to cyber recovery is available to Tech Faculty members as part of their annual membership. You can read more about the faculty at our online joining page.