When Cybersecurity Fails: How to Respond if Your Small Business Gets Hacked

by | Sep/26/2024

A concerned CEO asks: Is there a way to detect and remove malware on a small network after a breach?

Immediate Action if You Suspect a Breach:

If a clever hacker duped you into doing something that may have caused a security breach, for example a prompt asked you to run a program on your computer and you agreed, assume the computer is compromised. Disconnect it from the network immediately: unplug the Ethernet cable and turn off Wi-Fi. Do not reboot or power it off. Shutting down destroys volatile evidence that a forensic examiner needs (running processes, open network connections, anything the attacker left only in memory), and memory-only malware leaves no trace after a reboot. Leave the machine on, disconnected, and otherwise untouched. Document every step you take from this point forward, with the time and who did it; that record could be crucial for legal and insurance purposes later.
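The documentation step deserves some rigor, because a record that can be shown to be unaltered carries more weight with insurers and counsel than a text file anyone could edit. The script below is an added example for this article, not something from the original post: it keeps a hash-chained incident log in Python, so that editing, inserting or dropping any step breaks the chain, and it can store the SHA-256 of evidence files (a disk image, a screenshot) alongside the step that produced them. The owner name, the hostname FRONTDESK-PC and the steps themselves are constructed for illustration; `hash_file` is the example's own helper.

```python
"""Tamper-evident incident log for documenting response steps.

Added example for this article, not a tool from the original page. Each entry
records when, who and what, plus the SHA-256 hash of the previous entry, so
whoever reads the log later (your attorney, insurer or a forensic examiner)
can check that no step was altered, inserted or removed after the fact.
Evidence files (a disk image, a screenshot) are hashed with hash_file() and
the digest stored in the entry. Names, hostname and steps are constructed.
"""
import hashlib
import json
from datetime import datetime, timezone
from typing import Optional

GENESIS = "0" * 64  # prev_hash of the first entry


def canonical(entry: dict) -> bytes:
    """Deterministic serialization of an entry without its own hash field."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def hash_file(path: str) -> str:
    """SHA-256 of a file, read in 1 MiB chunks so a disk image fits in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


class IncidentLog:
    def __init__(self) -> None:
        self.entries: list[dict] = []

    def record(self, actor: str, action: str, evidence: Optional[dict] = None,
               when: Optional[datetime] = None) -> dict:
        """Append one step; `when` defaults to now (UTC), pass it for fixed tests."""
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {
            "seq": len(self.entries) + 1,
            "time": (when or datetime.now(timezone.utc)).isoformat(),
            "actor": actor,
            "action": action,
            "evidence": evidence or {},  # e.g. {"frontdesk.img": "<sha256>"}
            "prev_hash": prev,
        }
        entry["hash"] = hashlib.sha256(canonical(entry)).hexdigest()
        self.entries.append(entry)
        return entry

    def dumps(self) -> str:
        """One JSON object per line; store a copy (and the last hash) off the network."""
        return "".join(json.dumps(e, sort_keys=True) + "\n" for e in self.entries)


def verify(entries: list[dict]) -> Optional[int]:
    """Return None if the chain is intact, else the seq of the first bad entry."""
    prev = GENESIS
    for i, e in enumerate(entries, start=1):
        if (e.get("seq") != i or e.get("prev_hash") != prev
                or hashlib.sha256(canonical(e)).hexdigest() != e.get("hash")):
            return i
        prev = e["hash"]
    return None


def demo() -> tuple:
    """Build a three-step log, then show that an edit and a deletion are caught."""
    t = datetime(2024, 9, 26, 14, 5, tzinfo=timezone.utc)
    log = IncidentLog()
    log.record("J. Doe, owner", "User ran a program from a pop-up on FRONTDESK-PC", when=t)
    log.record("J. Doe, owner", "Unplugged Ethernet on FRONTDESK-PC; left it powered on", when=t)
    log.record("J. Doe, owner", "Opened a claim with the cyber insurer", when=t)
    intact = verify(log.entries)

    edited = [dict(e) for e in log.entries]
    edited[1]["action"] = "Rebooted FRONTDESK-PC"  # rewriting history
    truncated = log.entries[:1] + log.entries[2:]  # dropping the middle step
    return intact, verify(edited), verify(truncated)


if __name__ == "__main__":
    print(demo())  # (None, 2, 2)
```

Keep a copy of the log, and at least the most recent hash, somewhere the attacker cannot reach (a phone note or a printout), and add an entry for every action taken, including the ones that turn out to be mistakes; the value of the record comes from its completeness, not from how good it makes you look.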

Is there Customer or Other Sensitive Information on the Computer?

Assuming this is a work computer, exposure of customer or other sensitive information can be very serious. Contact your cyber insurance carrier immediately. They will likely connect you with a data breach attorney, and often with an incident response team, right away.

Lawsuits and regulatory fines are possible, and some laws and regulations require you to notify regulators, business partners, and affected customers within a set time. Requirements vary by industry and jurisdiction: healthcare providers must consider HIPAA, financial institutions have their own regulators, and state and national privacy and breach-notification laws may apply. Knowing your obligations, and the deadlines attached to them, is crucial. This is another reason to open a case with your insurer so they can connect you with a data breach attorney for guidance. If you don’t have insurance, contacting a data breach attorney immediately can still protect you later.

For a Computer Without Sensitive Information:

You can run a full scan with your existing antivirus software to look for malware. Make sure its definitions are up to date before you start; since the suspect computer should stay off the network, the cleanest way to do that is to create bootable rescue media on a known-clean computer and boot the suspect machine from it. Such an offline scan is also more trustworthy than one launched from inside the compromised operating system, which a rootkit can blind. This may catch obvious threats, but it’s only step one. Some solopreneurs, small companies, and families use additional on-demand scanners for a second opinion. We receive no compensation for mentioning them, nor do we endorse them, but some families and small companies say they’ve had good luck with products such as Malwarebytes and HitmanPro. The latter requires an Internet connection to work, and reconnecting a computer you believe is infected could allow the attacker to re-establish access, so weigh that trade-off before you go online. Above all, remember that attackers design their malware to evade scanning tools: a clean scan is not proof of a clean machine.

EDR/XDR Tools Look for Indicators of Compromise:

EDR/XDR (Endpoint Detection and Response / Extended Detection and Response) tools watch for computer activity that resembles attacker behavior and can intervene, for example by isolating the computer from the network or killing the offending process. They typically require you to purchase a minimum number of seats and thus are sometimes viewed as cost-prohibitive for businesses and families with fewer than 20 computers. For example, if an MSSP charges $20 per computer per month for managed EDR/XDR but requires at least twenty licenses, a business with five computers still pays $400 a month. Of course, breaches are costly, too. If you open a case with your cyber insurance company, a common practice is for their incident response team to deploy EDR/XDR software across your machines to hunt for indicators of compromise, such as malicious programs, persistence mechanisms, and attacker tooling, and to remove the software when finished.

A Clean Start:

If you want more confidence that your computer doesn’t contain keyloggers or other malware, erase it and start fresh. Back up only your data files (documents, photos, spreadsheets), not programs or installers, then reinstall the operating system from media or a recovery image obtained from a known-clean source and reinstall your applications from their vendors. Scan the backed-up files before copying them back, and assume any password typed on the machine while it was compromised is known to the attacker: change those passwords from a different, clean device, starting with email and banking. It’s a hassle, sure, but it’s the most reliable way to get a system you can trust again. You can probably find a computer consultant to help you. If you don’t want to use a consultant, or if it is your family computer, I’ve known people who take their computers to local tech repair shops for this process.

Network-Wide Considerations:

Remember, if one computer on your network is compromised, others might be too; attackers routinely move from the first machine to file servers, other workstations, and cloud accounts that share credentials. Consider having a professional assess your entire network for signs of intrusion. They can help identify backdoors or persistent threats that might be lurking, such as new user accounts, scheduled tasks, startup entries, remote-access tools, and connections to unfamiliar Internet addresses.
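The kind of first-pass check a professional runs on each machine looks like the script below, an added example for this article rather than anything from the original page. It parses saved `netstat -ano` and `tasklist /fo csv /nh` output from a Windows PC, ties each socket to its owning process, and reports listening ports and established Internet connections owned by processes outside a short allow-list. Listening ports remain visible on a machine that has already been unplugged; connections to the attacker’s infrastructure are only visible while a machine is online, so on the remaining, still-connected computers this output is worth saving before they are isolated. The sample output, the process name updater.exe and the 203.0.113.x addresses (a reserved documentation range) are constructed; the allow-list is an assumption you would tune for your own environment.

```python
"""Triage of network connections on a suspected-compromised Windows PC.

Added example for this article, not a tool from the original page. It parses
the output of `netstat -ano` and `tasklist /fo csv /nh`, maps each socket to
the process that owns it, and flags what a responder checks first: listening
ports and Internet connections owned by processes outside a short allow-list.
The sample output, the name updater.exe, and the 203.0.113.x addresses (a
reserved documentation range) are constructed for illustration.
"""
import csv
import io
import ipaddress
from collections import namedtuple

# Processes that normally own sockets on a stock Windows PC. Assumption for
# the example: extend this list for your own environment.
EXPECTED_PROCESSES = {"system", "svchost.exe", "lsass.exe", "msedge.exe",
                      "chrome.exe", "outlook.exe", "teams.exe", "onedrive.exe"}

# RFC 1918, loopback, link-local, unspecified and IPv6 equivalents: not "the Internet".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/8", "::1/128", "fe80::/10", "fc00::/7")]

# One parsed netstat row, with the owning process name filled in from tasklist.
Conn = namedtuple("Conn", "proto local remote state pid process")


def parse_tasklist(text: str) -> dict[int, str]:
    """CSV rows are "Image Name","PID",...; a header row (no /nh) is skipped."""
    pids = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2 and row[1].isdigit():
            pids[int(row[1])] = row[0].lower()
    return pids


def parse_netstat(text: str, pids: dict[int, str]) -> list[Conn]:
    """Rows are Proto Local Foreign [State] PID; UDP rows have no State column."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            proto, local, remote, state, pid = parts
        elif len(parts) == 4 and parts[0] == "UDP":
            (proto, local, remote, pid), state = parts, ""
        else:
            continue  # headers, blank lines, anything unexpected
        conns.append(Conn(proto, local, remote, state, int(pid),
                          pids.get(int(pid), "unknown")))
    return conns


def remote_ip(endpoint: str):
    """'203.0.113.77:443' or '[fe80::1%3]:443' -> address; None for '*:*'."""
    host = endpoint.rsplit(":", 1)[0].strip("[]").split("%")[0]
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def is_external(ip) -> bool:
    return ip is not None and not any(ip in net for net in INTERNAL_NETS)


def suspicious(conns: list[Conn]) -> list[tuple[Conn, str]]:
    """Flag unexpected processes that listen or talk to the Internet."""
    findings = []
    for c in conns:
        if c.process in EXPECTED_PROCESSES:
            continue
        if c.state == "LISTENING":
            findings.append((c, "listening port owned by unexpected process"))
        elif c.state == "ESTABLISHED" and is_external(remote_ip(c.remote)):
            findings.append((c, "established connection to an Internet host"))
    return findings


# Constructed sample output; on a real machine save the live output first:
#   netstat -ano > netstat.txt        tasklist /fo csv /nh > tasklist.txt
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       6120
  TCP    192.168.1.23:49712     192.168.1.5:445        ESTABLISHED     4
  TCP    192.168.1.23:49800     203.0.113.77:443       ESTABLISHED     6120
  TCP    192.168.1.23:49811     203.0.113.10:443       ESTABLISHED     3388
  UDP    0.0.0.0:5353           *:*                                    2204
"""
TASKLIST_SAMPLE = """\
"System","4","Services","0","152 K"
"svchost.exe","952","Services","0","9,380 K"
"msedge.exe","3388","Console","1","210,112 K"
"chrome.exe","2204","Console","1","80,004 K"
"updater.exe","6120","Console","1","12,448 K"
"""

if __name__ == "__main__":
    for c, why in suspicious(parse_netstat(NETSTAT_SAMPLE, parse_tasklist(TASKLIST_SAMPLE))):
        print(f"{why}: {c.proto} {c.local} -> {c.remote} pid={c.pid} ({c.process})")
```

A hit is a lead, not a verdict: a legitimate backup agent can also listen on an odd port, and real malware often hides inside an expected process name or injects into one, which is why this is only a first pass and a professional follows up with EDR telemetry or disk forensics.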

Prevention is Key:

To avoid future incidents, keep all software and operating systems up to date, and turn on automatic updates. Use strong, unique passwords for every account, ideally from a password manager, and turn on two-factor authentication wherever it is offered, starting with email, banking, and any remote access. Keep regular backups of your important data, with at least one copy offline or otherwise out of reach of an attacker who controls your network, so you can start fresh if you ever need to. Give users standard (non-administrator) accounts for day-to-day work. Use excellent spam filtering tools. Train your users to be suspicious of links, attachments, QR codes, and any instruction to download or run something. Follow other essential industry cybersecurity practices, and ensure your IT Pros are actually managing your computers.

Develop an Incident Response Plan:

It’s crucial for businesses of all sizes to have an incident response plan in place before a breach occurs. This plan should outline the steps to take, who to contact (including your insurer and attorney), and how to mitigate damage, and a copy should be kept somewhere other than the computers that might be compromised.

Even for families, having a basic plan can help them act quickly and effectively if they suspect a breach.

Engage a Qualified MSSP:

If your business doesn’t have an internal IT professional, or if yours is overwhelmed with work, strongly consider partnering with a qualified MSSP (Managed Security Service Provider) to help your company stay safe.

Summary:

I hope your family or very small company never gets hacked, but if it does, I hope this guidance helps you decide whether or not to attempt to find and remove malware and provides tips about how to do so. Remember, when in doubt, don’t hesitate to seek professional help – the cost of expert assistance is often far less than the potential damage from a mishandled breach.

Subscribe to maximize your executive potential with Foster Institute’s E-Savvy Newsletter, packed with practical IT security solutions and actionable strategies for success: https://fosterinstitute.com/e-savvy-newsletter/