What to do if your business is attacked
Cyberattacks can result in significant losses to your business. It is important to know what can be done to detect them and how to respond.
If you believe your business is the victim of a crime, you should report it to the police.
Successful hacks or cyberattacks can result in privacy breaches. It is important to follow the best practices for responding to privacy breaches. These include:
- Containing the threat. Limit access to sensitive drives and devices. Disconnect or shut them down if necessary.
- Assessing the attack. Determine how unauthorized access was gained and take appropriate action. This may mean temporarily disconnecting or shutting down systems while you investigate. Afterwards, if you determine there has been a breach of privacy, you may have an obligation under PIPEDA to notify the Office of the Privacy Commissioner, as well as those affected by the breach.
However, it can sometimes be difficult to determine if your business has been attacked. There are a few practices that can help:
- Provide customers with a way to contact you. Customers may notice a problem before you do. Giving people an easy way to contact you can help inform you of problems.
- Create an audit trail. Define clearly who should have access to what data, drives, or devices and keep records of access to help detect attacks.
- Use antivirus and attack detection software. These programs can detect when malware has been installed and when your security is being probed using known methods.
Ultimately, prevention is the best response. It can be difficult for anyone to help your business once it is attacked. Observe basic security practices and address common vulnerabilities to protect your online presence.