You know what to do following a cyber attack: contact law enforcement, change credentials, recover your data, and tell your partners and customers. But do you know what not to do in the days or weeks following a data breach? Do you know which seemingly innocent actions can interfere with law enforcement, jeopardize your recovery, and potentially land you in legal hot water?
In our latest recap of the Department of Justice’s “Best Practices for Victim Response and Reporting of Cyber Incidents,” we break down the three things you never want to do following a cyber attack, from the technology you’re not supposed to use to the people you’re not supposed to talk to.
Don’t Use the Compromised System
Following a hack, don’t use any devices connected to the compromised network, especially when it comes to communicating with law enforcement, tech experts, or others about mitigation strategies. A hacker may try to interfere with or disrupt your recovery process.
Instead, use spare devices or old smartphones that haven’t been compromised. Change locations or networks. You may even have to revert to doing some work manually. When Sony was hacked in 2014, employees drafted documents, reports, and communications with paper and pencil.
Don’t Disclose Incident-Specific Information
The Department of Justice warns businesses against “social engineering” attacks. In such an attack, an outsider talks his or her way into the company through a ruse or disguise rather than breaking in technically. A hacker could pose as an IT professional, or even as a member of law enforcement, in order to learn your business’s next move.
To protect your business from falling victim to yet another attack, be sure to verify the identity of anyone you communicate with during the days and weeks following the breach. If you can’t verify the individual’s identity, do not disclose any information about the hack, its breadth, or your organization’s next steps.
Don’t “Hack Back”
Sometimes it’s possible to identify the computer or network responsible for the hack. It may even be possible to gain access to that device. However, you should never “hack back” as a means of retaliation; it can land you in ethical and legal trouble.
In fact, accessing or modifying a computer you do not own violates state, federal, and international laws, even if that computer is responsible for your cyber incident. Often the owner of that computer isn’t the hacker at all but another unknowing victim whose machine was commandeered, which means you may end up targeting an innocent party. Finally, hacking back can interfere with law enforcement’s investigation, prolonging or even preventing justice from being served for the damages your business suffered.
Instead, leave the investigation to law enforcement. After all, you’ll still have your hands full with the most important step your business can take following a hack: rebuilding.