It Could Still Happen to You: How to Get Through a Digital Recovery Effort

You can never assume that you’re safe just because you’re sitting behind a next-generation firewall and some fancy, expensive security software. If you’re familiar with my post about not being an Internet idiot, then congratulations, you have all the information you need to be way safer than about 95% of the general population.  But, unfortunately, it is still possible that you could become the victim of a cybercrime or other targeted attack.

I am not so naive as to believe, like this guy, that we can avoid these kinds of issues simply by adjusting our behaviors online. The enemy is getting smarter, and more persistent. You may think that you are covered and that this does not apply to you—because you never respond to those silly fraudulent emails, or because you always avoid the dark corners of the Internet, or because you only provide personal and/or payment information over trusted, secure channels to reputable vendors.

Well unfortunately, sometimes fraudulent emails can look like legitimate ones. Sometimes the dark corners appear bright, professional and inviting.  And sometimes, even reputable vendors get hacked.  So being vigilant is a good start, but don’t get too comfortable—that’s what they are counting on.

If you are ever the victim of a cybercrime, there are some important things to remember. This applies for other types of disaster response situations as well.

1. Planning is everything. It is better to buy the requisite insurance in advance and know that you are covered if the worst does happen. This may include an actual insurance product (talk to your insurance provider), but it also includes stuff like good working backups and a simple DR plan. Also: can you prove your identity to your vendors under every circumstance (including compromised credentials)? Your list of “what if’s” doesn’t have to be complex or take a long time–try to keep it to one or two pages. If you put it on your calendar, you should be able to hammer it out in a single morning or afternoon.
2. Do not panic. This kind of thing happens, and although there will undoubtedly be some damage and loss of time/money to this unfortunate incident, most people get through it okay, provided they’ve made the effort to take care of #1, above.
3. Might as well clear your calendar for the next 24-48 hours. If you are going to be in any way responsible for any part of the recovery efforts, especially communications, doing this will make you feel a lot better—just take a few minutes to cancel your upcoming appointments—let them know you have to respond to an emergency, and that you will be contacting them in a couple of business days to reschedule.
4. Focus on what needs to happen next. Do you need to cancel accounts or credit cards? Contact a service provider? Law enforcement? Commence recovery efforts for lost data? Notify staff and/or customers/clients? Delegate responsibilities? If you don’t already have one as part of your DR plan, then take 20-30 minutes to make a list, give it a quick priority ranking, check it over carefully, and then start executing. One. Thing. At. A. Time.
5. As you move forward, be delicate and prompt in your communications. You do not have to reveal too much detail to anyone—keep constituents focused on the recovery objective and expectations around what information to expect as a next step. Explanations about “what happened” and “whose fault it was” can be deflected and dealt with at a later time (or in some cases, not at all).
6. After recovery efforts are complete, you are going to want to take a few steps to ensure you are “better-prepared” for next time (or work on sharpening the saw so there may not be a next time). What could you have done differently or better? What would have saved you precious time, if it had been ready in advance?

Conclusions

I sincerely hope it doesn’t happen to you, but if you ever do find yourself in this situation, then let this information be a small source of comfort–even if it only helps a little bit. I haven’t had to do this personally for myself, because I’ve been careful (and lucky), but I have helped many a client over the years get their data back or recover from a breach. It happens. Provided you’ve prepared as per the above, you deal with it, and life moves on.