
Cybercrime: what to do if it hits your business?

Published by:
Netherlands Chamber of Commerce, KVK
The National Cyber Security Centre (NCSC)

Have you fallen victim to cybercrime? Your business may, for example, have been affected by phishing, malware, or a DDoS attack. Read what you should do if your business has been targeted.

After a cybercrime

Take immediate action after a cybercrime (in Dutch). File a report online or call 0900-8844. In the event of fraud, also report it to the Business Fraud Helpdesk (in Dutch). They can advise you and refer you to other relevant authorities if necessary. Tell your employees what has happened so that they know what to do and what to look out for. Does the incident affect your customers? For example, because product delivery will take longer, or because personal data has been leaked? If so, inform your customers as well.

Assess the damage caused by the cyber incident

Assess the damage caused by the cyber incident (in Dutch). This can be difficult to express in money, as costs from damage can arise in various ways. For example:

  • loss of revenue because services or sales might temporarily not be possible
  • reputational damage causing customers to switch (temporarily) to another company
  • the cost of hiring cybercrime specialists

Mandatory reporting of IT breaches

Are you a digital service provider or a provider of essential services? If so, you have a duty to report incidents (in Dutch) to the National Cyber Security Centre (NCSC). You must also submit a report (in Dutch) to the National Inspectorate for Digital Infrastructure (RDI).

If there is no need for a mandatory report, you can file a voluntary report (in Dutch) to the National Cyber Security Centre (NCSC). Following your report, you can receive help and advice from the NCSC.

Implement a responsible disclosure policy

In responsible disclosure (in Dutch), someone who has discovered a security issue first reports this to the owner of the digital system. This gives you time to resolve the issue. Sometimes the person reporting the issue can assist you in this. Only after that has happened is the information about the issue made public. With a responsible disclosure policy (in Dutch) on your website, you can ask ethical hackers to report security issues in a proper and safe manner. Without such a policy, they are less likely to report issues, as they fear potential legal consequences.

How do you recognise cybercrime?

There are various forms of cybercrime. Below are 7 common types. Information on other types of cybercrime (in Dutch) can be found at the NCSC.

A virus is a small program that can damage or delete data on your computer. It can even wipe or lock (encrypt) your hard drive. Many viruses spread via email. Malware (malicious software) is a collective term for all software created by criminals to deliberately damage computers and operating systems.

With phishing, criminals attempt to steal your login details, credit card information, PIN, or other personal information. They do this via email or telephone, pretending to be from a trustworthy organisation. Or they create a website that looks like your bank or credit card company. If you provide your details, they can withdraw money from your account. A genuine bank will never ask for your account details or password.

Ransomware is a computer virus. It is a type of malware. Ransomware can make files on your computer or phone inaccessible. This often happens via a phishing email or a malicious link. The malware tells you that you must pay a sum of money to regain access. The police advise against paying. Find out what you should do if you are a victim of ransomware.

In the event of a data breach, a criminal has gained access to computer files containing business-related personal data. It is not always clear right away that you have suffered a data breach. But you may notice suspicious activity, such as unauthorised login attempts or the loss of documents containing sensitive information. And how to report it.

In a DDoS attack, criminals send a large amount of data to a server. This makes your website or a web page very slow or inaccessible. For example, the login page on your website. A DDoS attack is a form of hacking.

Many websites have input fields where customers can enter their payment details and address. Or which customers use to log in. Cybercriminals can exploit these input fields to steal data. Read how you can protect your customers (in Dutch).

In digital skimming, cybercriminals steal customers’ payment details during an online payment in your online shop. This happens during the payment process without customers realising it. Read how to protect your online shop and customers against digital skimming.
