Given the wealth of information associations have on their members, organizations like yours can be a prime target for hackers looking to steal personal data, credit card information, or hijack assets for their own devious uses. Too often, associations are not even aware there has been a security breach until it has been executed, which may come at the price of lawsuits and reputational damage.
The potential cost of cyber-attacks is too high for any organization to ignore. Yet many still rely on antiviral software or their IT department to root out attacks. It’s imperative that employees and the end users of association assets be trained to recognize suspicious activity and report it immediately. Here are some telltale signs your security may have been compromised.
Your Website Is Offline
In a distributed denial-of-service (DDoS) attack, an attempt is made to overwhelm your website with fake traffic to shut it down. It is often done using a network of hacked computers, known as botnets, that have been hijacked for use without the owners’ knowledge. More insidious than a few hours of downtime, hackers may using the distraction as a decoy for staging a larger attack on your system.
Unusual DNS Traffic
You may wonder if your computer is being used in a “botnet” to help hackers carry out hacks on other networks. One telltale sign may be an unusually high amount of outbound Domain Name System (DNS) traffic, indicating that your computer is communicating with other computers in a remote network.
The System Logs Activity Outside Business Hours
Check your system logs for suspicious activity, especially those occurring outside business hours when nobody should be in the office. Hackers may be using the opportunity to carry out their malicious intent when nobody is watching. It is almost certainly a sign that your system is being used without permission.
Emails Your Coworkers Didn’t Send
Fraudulent emails sent by a coworker’s hacked email account provide one sneaky way hackers can get a human user to carry out their attack. Make sure employees know they should never open suspicious and unsolicited attachments, even from email accounts they trust. They may contain malicious code that will infect their computer—and every other computer on your network—when opened.
Unusual Files
The most obvious sign of a security breach is things happening on screen without the owner’s permission. Employees should be on the lookout for downloads they did not initiate, large files appearing on the network, or lights flickering on a webcam or microphone when it is not being used. All could be signs that their computer has been compromised.
What to do if you have been hacked
If you have already been hacked, there are some essential steps your association must take.
Come Clean
The worst thing an association can do following a security breach is trying to cover it up, as Yahoo learned to the tune of millions in class action lawsuits and a federal investigation. Nearly every state has laws governing data breaches and how organizations must act when they occur—which includes confessing the incident and notifying those affected in writing.
Alert the Proper Departments
Notify your legal and compliance departments of any security breaches immediately. Depending on the state where your association is headquartered, you may be required to file the incident with the State Attorney General’s office and other governing bodies, alert media outlets, and possibly offer restitution to your affected members. It may also be necessary to alert local and federal authorities if you suspect the attack may be part of a coordinated assault on multiple institutions.
Perform Autopsy
After emergency action has been taken to contain the breach and stem damage, your priority should be gathering information on when, where, and how the attack occurred, as well as what information has been compromised. Decisions about how to proceed after an attack, and prevent future incidents, will be guided by the results of this examination.
Execute a Response Plan
If your association does not have a plan in place to respond to cybersecurity breaches, it may be time to write one. Staff should be informed on the policies on dealing with attacks, which should include how to alert customers and authorities, as well as a fallback plan for conducting business if the network is taken down.
Test Your Systems
Before a breach happens, and especially after one, associations should consider implementing annual “penetration testing” of their network to determine weaknesses in the system. Given the ever-changing nature of cybersecurity attacks, regular evaluation of your defenses will help keep your system adaptive to new and more potent threats.
At ISG, we encourage all of our clients to keep up-to-date with cybersecurity issues. If you are concerned about protecting your systems, member data and staff, let’s talk. We work with partners that have cybersecurity expertise and are happy to make referrals.