Attack Recovery: How to Properly Recover from a Cyberattack

Nov 12, 2019

Those four words no wants to hearYou have been hacked. As you begin to fight off a malicious hacker, you may find out you’re really facing more than one. Once you realize you’ve been breached, it’s time to quickly focus on recovery.  

Not all cyberattacks revolve around financial gain; sometimes the damage done is just for funMany attackers engage in recreational destruction by placing graffiti on digital signs, disabling your guestfacing systems, and shutting down your systems all together.  

If a franchise owner under large flagship holding company were to be breached, they would have to follow certain regulations on reporting the issue at hand appropriately. For the most part, the franchise owner would handle the issue themselves since they are an independent business. However, there are reporting expectations since it will be seen by the world as if the flagship company is the one compromised.  

Typically, during the recovery process, the flagship company would want to protect its reputation and reassurpeople the issue is not widespread. Simultaneously, the company would not assume any liability for the breach since they don’t own that franchise location and are not responsible for the breach occurring.  

In the case that it was an independent hotel facing this problem, they would have to take a slightly different approach of addressing it. 

Once you have determined that your system has been compromised, there are several things that must be done and asked to ensure the damage doesn’t escalate by answering these quantifying questions

Laying out the issue properly would require significant data gathering. Doing so can be done by conducting a forensic analysis on precisely what happened. Once that is completed, the property is better able to report the problem more accurately in addition to combating it effectively. 

If the problem were to cross the threshold of hurting more than 500 customers, the issue must be reported.  The state your property is located in determines whether you have to file a notice of breach as guidelines vary by state. However, depending on the industry, you would have to also report it to the industry’s regulating bodies. 

While all reports are being filed, the recovery process needs to begin. The first step being to close the holes and gaps found by the hacker. Next, rebuild the network. Once that is resolved, your property must investigate ways to prevent this from happening again in the future.  

Often, these investigations result in implementing the right kind of network controls and managing what a guest can and cannot access. Only operate with third-party cybersecurity vendors that test your network and your controls repeatedly, so the security controls don’t degrade over time.  

A good action to incorporate into your daily operation is to back up information so that if an issue occurs, you haven’t lost all your data. This is in addition to placing a backup off the network to ensure that your assets are safe.  

Cyber attackers have the opportunity to gain access to the sensitive information of your guests; if they obtain this access, they will abuse it. Information such as payment data and customer information are the kind of things that will be sent to an off-site location to be possibly sold on the dark web.  Prepare for the worst when working to secure your virtual assetsNot doing so could leave you open to a major attack.