If You Get Hacked, Do Not Email Anyone About It

Oct/15/2020

You’ve trained your users to be vigilant for symptoms of cybersecurity issues. Now teach them to share their concerns confidentially.
Alert your users today: if they suspect something, tell them to avoid opening a support ticket or emailing your IT professionals about the concern.

More often than ever before, bad actors infiltrate organizations in a slow, methodical way. They can remain undetected for weeks, months, even years. The FBI uses the term dwell time to designate the period from when attackers infiltrate systems until you discover them. The FBI warns businesses that attackers can cause significant damage during dwell time. Bad actors quickly establish backdoors to ensure access, even if you block their first point of entry. They deploy keyloggers on systems to record keystrokes. If your cyber assets are compromised, the bad actors can potentially monitor your messages to find out when you discover their presence in your network, computers, applications, cloud resources, websites, or anywhere else.

Once attackers know you’ve discovered their infiltration, that triggers them to move forward with their next phase, often contacting you to demand a ransom. Sometimes they threaten severe consequences if you attempt to recover your system in any other way than paying them. Since they are in your systems, you must take the threats seriously.

Establish a protocol for workers to communicate suspicions by some method other than email.

Even your IT department must avoid emailing each other questions such as, “I received an alert that someone is resetting an administrator password. That’s odd. Is that you?” Instead, they must communicate by mobile phone or radio.

If you suspect a breach and contact us, consider phoning. If you must email, use a personal account outside of your company account, and use a phone or some device other than a company computer’s keyboard to send the message.

I’m not talking about when users receive a phishing message. I’m talking about when they receive a phishing message that includes customer account information, when an important file is missing or won’t open, or when they receive an unexpected login request on a website or an unexpected request to open a file. IT needs to investigate these early-warning signs.

Please forward this to other executives you care about so that they establish a mobile hotline number users can call to reach the IT team and report suspicious activity. Help avoid triggering attackers’ responses before your IT team has time to react and, hopefully, mitigate a potential cybersecurity disaster.