What is a cyber incident?
The disruption of your digital environment is a cyber incident. You will probably think of hackers, but a disruption can also be caused by a telecom or power failure. We speak of an incident if one or more of the following is the case:
- Reduced availability: Is it impossible to use information and systems?
- Decreased Integrity: Is there suddenly something wrong with the correctness of the information in systems?
- Decreased Confidentiality: Is there unauthorised access to the information or systems?
Examples of a cyber incident
- Internet connection is unavailable;
- Customer data is not (or no longer) correct;
- Employee salary data is publicly available;
- Pin code device is not working;
- Accounting program is no longer accessible.
What should you do in the event of a cyber incident?
You need to be able to recognise a cyber incident before you can take action. The characteristics of a cyber incident are not always the same. They can take on many forms, but the following things can be a signal:
- Device speed decreases;
- Certain information is no longer (properly) accessible;
- Strange messages are showing on your devices;
- You receive (email) messages from people saying you have been hacked;
- Website or company network are no longer accessible.
The clearest forms of a cyber incident are, for example, making your company website inaccessible (DDOS attack) or becoming a victim of ransomware. But it will not always be so obvious. So, stay alert to the above signals and take action if you do not trust the situation. For example, hire an expert to investigate the symptoms.
Prepare for a cyber incident
Preparation is half the battle. In most cases you will need help from others.
- Write down all relevant third-party telephone numbers that you will need in the event of a cyber incident. Print it and put it somewhere safe. If your IT systems stop working, this printout is invaluable. Important telephone numbers you can add: IT service providers (office automation, website, cloud services), but also parties with which you have a digital link, such as suppliers or other partners.
- Download the Cyberincident Toolkit (in Dutch). It contains:
- a card you can use to fill in the relevant third-party phone numbers
- a poster that you can hang in a visible place for all employees so that they know what to do
- a log to document the cyber incident
- Keep a log to record the course of the incident. After the incident, this will help you find the cause and file a police report or make an insurance or liability claim.
- Should you be affected by a cyber incident, stay calm, keep thinking rationally, and call your IT manager.