10 minute read
Your Business Has Been Hacked. Now What?
By Diane Amato
A cyber attack on your business isn 't so much a question of “if" but “when "
these days. Given the shift to virtual work, rapid digitization and an uneasy economic climate, small businesses have become a prime target for hackers. Here ' s how to steer your business through a breach.
Many small business owners tend to think of cyber attacks as something that happens mostly to big companies. That’ s because reports of multi-national enterprises being hit by hackers dominate the headlines. Unfortunately, the many heartbreaking stories of small business incidents receive far less attention. The reality is, smaller targets can be an easy game, due to (typically) lower levels of IT sophistication, funding and dedicated cyber security staff. Sadly, a cyber attack can be devastating for many small businesses, leading to huge financial costs, significant data loss, operational downtime and/or reputational damage that can be almost impossible to recover from.
Watch for the signs
So how do you know your business might have been hacked? Sometimes it’ s easy and sometimes it’ s not. Signs might include something being “ off” with your financials, your hardware or software isn ’t working right, your passwords don ’t work, or you get complaints about your emails (e.g. contacts say they ’ re getting spam emails you didn ’t send.) Cybercriminals are on average in business environments for 200 days before owners realize they have been attacked. However, some incidents are more obvious.
The key is to respond quickly and efficiently once you detect a breach. The first thing to do when (not if) a cyber-attack happens to you: don ’t panic. Take a breath, take stock and walk through the three key stages of crisis management – readiness, response and recovery. This can help your business come out the other side.
Readiness, Response and Recovery: Three Stages of Crisis Management.
While there are many steps you can take to prevent getting hacked, no business is impenetrable. Preparation is actually your best bet to effectively manage and survive a cyber incident. That’ s why a good cyber crisis plan can help your team respond quickly and effectively, and minimize harm. While you and your business may be stretched for time and resources now more than ever this year, it’ s never been more important.
“Once you ’ re prepared, you also need to practice, ” advises RBC
Chief Information Security Officer Adam Evens.
“It’ s flexing a muscle – you need to do it regularly to make sure that you understand how to operate everything you ’ re putting into place.
Stage 1: Readiness
So, if you have a plan in place already – and you think you ’ ve been
hacked – now is the time to put it into action. If you don ’t, you ’ll
need to think quickly, so borrow this Cyber Security Crisis Management Template. At a minimum, your plan should cover these elements:
A list of cyber risks, grouped by impact. Know what types of events might affect your organization. For example a lost employee laptop or mobile device, system disruption or data breach. Phishing, ransomware and business e-mail compromise (using a company ’ s own e-mail accounts to defraud clients or employees) continue to be the biggest threats. Next, categorize their potential level of harm (e.g. critical, high, medium, low). Think about risks from all lenses –including technology, operations, payments, reputation and people. Remember, risks might not always come from an attack on your business; you could be impacted by attacks on a key supplier, employees or even clients.
Key stakeholders. These are people or companies that could be affected by a cyber event in your business – they may either be impacted by a hack or be in a position to help you through it. It’ s a good idea to formally document their names, contact information and role.
How events will be communicated. How will you reach out to those affected? How much will you tell them, and when?
Communications templates. Time is of the essence in a crisis. It’ s wise to prepare communications in advance, taking into consideration various messages, channels and levels of priority.
Stage 2: Response
Next up, you
’ll want to think about how you want to respond and take action – then act.
In this stage, you will need to assess:
It’ s also at this point that you need to “ own the breach, ” as
Evans says.
“Owning the breach is very critical, because you control the messaging, and you act in the interests of your customer and your employee in protecting your business. If you do those things well, you maintain a level of integrity and a level of trust with the community that you service.
What happened What is the impact(s) What your plan is in the short-term (minutes and hours), the medium-term (days and weeks) and the long-term (months and years). If you are sufficiently prepared in the first stage, this is a matter of executing the plan you have already developed and practiced. How and when you ’ re communicating
Stage 3: Recovery
In the recovery phase, speed is essential to limit damage and minimize disruption. Once you ’ ve “ secured the scene, ” so
to speak, you
’ll need to assess damage to your technical systems, your finances, your brand, your operations and your stakeholders. You ’ll also need to address any regulatory, compliance and legal fallout.
This is also a good time to look closely at how this happened, and take stock of lessons learned. Ask yourself:
Has the problem(s) been fixed? What steps can we take to prevent this from happening again? Are my employees and suppliers fully educated on the risks and vulnerabilities that exist? Remember, as much of 95% of incidents are caused by human error, such as employees clicking on links, using weak passwords or being tricked into sharing information. Have any opportunities emerged out of the crisis? “The odds of businesses getting hit with a cyberattack keep rising. And if you ’ re hit once, chances are that lightning might strike again. With those odds, incidents are a virtual certainty for most businesses. Business owners have a lot on their minds and juggling many mission-critical priorities this year, but cyber security is just too important to let slide, ” Evans added.
Keep in mind that through every stage of crisis management, you ’ll be better positioned for success if you secure help from experts. Consider having a legal team on retainer to provide timely advice, IT experts to set up robust security systems and cyber education specialists to educate your employees.
Don’t Go It Alone
T h i s a r t i c l e w a s o r i g i n a l l y p u b l i s h e d o n R B C ’ s D i s c o v e r & L e a r n b l o g
A Passion for Community Drives Home
Hardware Dealer-Owners to Success
Since opening its doors in 1937, Pioneer Home Hardware Building Centre has been a foundational business in the community of Campbell River, BC. Eighty-four years later, the business remains family-owned and is led by a team of three dynamic women. The combined strengths of Allison Kilby, Theresa Handel and Amber Spring allow them to serve their community under an iconic Canadian brand that supports local entrepreneurs.
When Allison Kilby joined her father as a Dealer-Owner at Pioneer Home Hardware Building Centre in 2010, she brought a strong understanding of the business operations from years of being an employee. In 2018, her sister, Theresa Handel, became a Dealer-Owner, bringing her passion for communicating with store staff and the customers they serve. That same year, longtime employee, Amber Spring, completed the trio with her strong office management skills.
“Our individual strengths bring balance and create a stronger leadership team driven by the same objective of supporting the local community that supports us, ” said Allison Kilby, Dealer-Owner, Pioneer Home Hardware Building Centre.
Building Together
The trio is passionate about providing exceptional service to the people of Campbell River and Home Hardware Stores Limited has the right tools and programs in place to make sure the team can respond to the unique needs of their local community.
“The support Home Hardware provides allows us to operate in a community-minded way, ” explains Handel. “Having lived and raised families in Campbell River, our relationship with our customers goes beyond the store. We are friends, family and neighbours.
The team at Pioneer Home Hardware Building Centre is always stepping up to support Campbell River when help is needed most. Many businesses and organizations, such as the school district, have relied on them for their commercial and janitorial section through the pandemic.
“Owning a business like ours means you have to be ready to serve at all times. Whether it’ s a generator or a part to fix a water pipe, customers don ’t just need help between 9:00 and 5:00, ” describes Kilby. “We are often the first line of support and take great pride in being there for our customers and employees when they need us, because we know they would do the same for us.
Locally Owned. Genuinely Canadian.
Those in Campbell River recognize the Pioneer Home Hardware Building Centre team as members of their community and appreciate that they are locally owned. “Our customers tell us that they choose us because we ’ re local, ” says Amber Spring. “And I know many other Home Hardware Dealer-Owners hear that it matters to Canadians that they are supporting home-grown businesses.
“Home Hardware Stores Limited invests in their DealerOwners ’ future, which means they provide great support to us so we can be successful in our marketplace, ” details Theresa Handel. “We are one of close to 1,100 locally-owned stores across the country, and each one is tailored to meet the needs of the Canadian community it serves.
Home Hardware
’ s Dealer-owned model allows each store to customize and localize their product and service offerings. This has fostered a national network of Dealers including Kilby, Handel and Spring, who are excited about growing their business and passionate about the Home culture.
“We have always felt supported by Home Hardware, ”
said Spring.
“They keep us well-informed and provide us with the resources, training and programs that allow us to build our business for our community.
Historic Change and Future Thinking
A lot has changed since the store opened in 1937, but the fundamentals of Pioneer ’ s success haven ’t.
“We are focused on providing our customers with the materials, tools and services they need for all of their home improvement projects, ” said Kilby. “The team we work alongside every day makes this possible. As Dealer-Owners, we all agree the three ingredients for our leadership success are patience, empathy and knowledge. Although the business has been in the family for years, Kilby and Handel worked hard and showed their passion to drive things forward before becoming DealerOwners. This meant working all parts of the business, from cashier to forklift operator and identifying the right fit in Spring to complete their ownership team.
“I have worked in this store since high schools, like Theresa and Alison, and we ’ ve
worked all areas of the business, ” states
Spring.
“We know that if you can put yourself in someone else ’ s shoes and have the understanding of what your business can do for employees and community, you will go a long way, ” said Handel.
“Dad always told us not to ask someone else to do something that we ’ re not willing to do ourselves, ” said Handel. “This mindset has been one of the reasons our employees and customers have historically trusted us.
Representing Home
Home Hardware has built a national reputation for putting customers first. Kilby, Handel and Spring are exceptional examples of how independent DealerOwners provide the level of service and knowledge that their community can rely on. They celebrate their employees and customers in Campbell River and exude the strength and passion for their community that makes them stand out.
