Stressed man overlooking computer

What to do after a cyberbreach?

Halloween has come and gone, but we have a truly petrifying tale to tell. It involves every business that collects customer data and honestly, it could happen to you.

A cyber breach is nobody’s idea of a fun day at the office, but what do you do if it happens at your place of work? According to Scott Colman, IT Operations Manager at JEI Tech, the short answer is you shouldn’t do anything.

“If you start it could complicate the forensic details and you could be charged under Alberta and Canadian laws and your insurance company likely won’t pay out,” explains Coleman. After a cybersecurity event, your insurance company and sometimes even law enforcement units such as the RCMP, CSIS, and potentially the FBI, will want clean access to all the physical devices involved in the breach. Insurance wants to make sure they have all the details for when a claim is filed and the law agencies want to do their jobs as well.

This isn’t even the scary part. A cyber breach on your device(s) means you as the business owner must now contact every customer, employee, person, and entity whose information you’ve collected and tell them what happened. The way you tell them is crucial to your company’s future well-being.

“It has to be done correctly with the right legal wording, you will need legal counsel,” says Coleman, who admits he is no legal expert and suggests finding a lawyer who specializes in IT law. He does know the letter sent out needs to include a few choice pieces of information. It must state what happened, how it happened and the steps being taken to prevent it in the future.

So what can be done after a cyber breach? Well, you need to call your IT company who will lock everything down and get all users out of your system. This has to be done to preserve any evidence for the forensic investigation your insurance company may launch. The next step is to get on a conference call with your IT people and your insurance provider.

Like all good IT companies, JEI provides a backup service. In the event of a cyber breach, in theory, they can have you back up and running within 30 to 60 minutes.

The long answer is we can’t do that anymore,” explains Coleman. The legal ramifications are too risky. He’s heard the story of the IT company that went and restored and overwrote data to get their customer up and running post-breach. That maneuver could cost that IT group $1.2 million, which is what is being sought by their client’s insurance company. Scary stuff.

“It’s pretty brutal,” says Coleman. “Make sure you contact your insurance company before you do anything.”

This is where we cue the scary music and the jump scare.
Time and money – two of the most precious commodities for any business. To lose both at once to a cybersecurity event is perhaps to most frightening scenario an owner could dream up. A forensic deep dive would see you without the use of your computers and equipment for quite some time. “The quickest way to get up and running again is to purchase new equipment,” says Coleman. “The forensic team will need the old equipment for their investigation.”

Like most things in life, it’s the ounce of prevention that will be the cure for what ails you. The best advice Coleman can dole out is to make sure you have a good cyber liability policy to begin with.

“The first thing every company should to is make sure they have a cybersecurity policy with their insurance. Please, please reach out to your insurance company and ask an IT professional if you don’t understand what they are asking.”

Take Our Cyber Security Quiz

How does your cyber security posture stack up? Take our short quiz to see!

Contact Info

John Coleman, Director
JEI Tech
(587) 208-6940
john@jei.tech
Brian Suerth
Technology Assurance Group
(858) 946-2112
brian@tagnational.com