How would your business cope with a cyber-attack?

15th January 2019 | Posted in Cyber Security

Businesses are experiencing cyber threats and cyber-attacks more and more often.

As hackers become more advanced and their methods become more difficult to detect, have you ever wondered how your business would cope if it suffered a cyber-attack?

Cyber-Attack Scenario

Staff at the head office of a fictional accountancy practice, Numbers Work, have been sent a phishing email. The email looked legitimate and a member of staff clicked on a link through to a spoof website. The website wasn’t legitimate and, 2 months later, disaster strikes!


Wednesday 9:30am

Fred Jones, Numbers Work’s IT admin, is clearing out the company’s public email inbox, deleting the usual junk and spam. As he is doing this, one particular email stands out and Fred immediately fears the worst.

“We have more where this came from and we will be in touch with our demands”

Below the message are someone’s name, credit card details and email address.

Fred hopes that it is a hoax, but he isn’t able to take the risk; he has to go in and see the company security officer, Liam Wilson.

“Do we know if this is a genuine credit card number, and more importantly, is it one of our customers?” Liam asks. Fred admits he doesn’t yet know.

“Ok, well when did we get this email?”  Liam scowls.

“Well, it came in yesterday, after I had left work, so I didn’t see it until this morning”

“So, you’re telling me we are already over 12 hours into this?”

“Yeah, afraid so”  Fred says with trepidation.


Wednesday 1:30pm

“A second email has come in. It’s a ransom demand for £25,000 in bitcoin. They say we have up until midnight tonight to pay, otherwise they will be deleting all of our customer records,” Fred tells Liam.

In a panic, Liam shouts, “I thought they only had one?”

“No,” says Fred, “they claim that they’ve got them all.”

Liam now has little option; he has to call the company’s legal counsel, Aimee Lawton, for advice.

“Obviously this is a potential breach, so do not reply to that message. I’ll need to review existing legislation, so we know where we stand,” Aimee tells Liam.

Liam’s head is now swimming. What about the police, the Information Commissioner? What about GDPR? Who do they need to notify?


Wednesday 3:30pm

Things are going from bad to worse for Numbers Work. The hackers have posted a raft of customer names and credit card numbers on a public website for sharing text and source code. To make matters worse, Liam has now confirmed the data is genuine.

“What is our data breach policy?”  Aimee asks.

“Doesn’t that come from you?”  says Liam.

“Aren’t you the data protection officer?”  Aimee asks Fred.

“No, it isn’t me….” It’s at this point that Liam realises that he is the data protection officer.

Sophie Bradshaw, the firm’s head of PR, is now involved in proceedings. “Rather obviously this isn’t looking good. We could get absolutely hammered for this; we have failed to protect our customers’ private data.”


Wednesday 5:00pm

Sophie Bradshaw has drafted a public statement but suggests not releasing it until people start asking questions.

“Don’t use the word breach in the statement”  Aimee says, thinking of the legal ramifications.

Fred then bursts into the room: “We’ve found some malware. An email came in that went to quarantine. It had an attachment, that could be it!”

“Tell me you didn’t click on it, did you?”  Liam asks, fearing his day was about to go from bad to worse.

“Erm, well I thought it might speed things up….”

As Liam rolls his eyes, Aimee turns the conversation towards informing the Information Commissioner’s Office: “We can report it online, but we need to tell them what we did to mitigate the problem.”

“We were supposed to update our threat detection software last year, but timescales slipped and it kind of didn’t happen,” Liam winces.

“Make sure you don’t tell the ICO that,” Aimee advises. “We need to show adequate controls in place. If we can’t, we could be in serious trouble. Not only that, but it might prevent the cyber-attack insurance people from paying out.”

Later in the day Liam confirms that the latest phishing email was a red herring, but tells the team: “They found a phishing email from 2 months ago that linked to a log-in page that looked like our cloud provider. That’s how they got in.”

“We have to handle things better from now on. This will happen again, and it’s only going to get worse.”


What should Numbers Work have done?

By reacting late, Numbers Work were always on the back foot. Hackers dictate the pace in these situations, so it is important to move quickly.


The practice should have:

  • Had a dedicated data breach plan
  • Rehearsed the plan with staff
  • Designated who is responsible for what during a breach
  • Regularly circulated and updated the plan so staff were familiar with it
  • Notified third parties and suppliers
  • Provided evidence for the Information Commissioner to show how they handled the issue
  • Called their cyber-insurance provider for help and advice
  • Prepared a statement for customers advising how they would deal with any damage
  • Refused to pay the ransom – there is no guarantee they would get the data back


If your business is the victim of a cyber-attack, what should you do?

  • Identify where the ransomware came from
  • Get any infected devices offline immediately
  • Assess how many machines have been affected
  • Restore any lost data from back-ups
  • Tell customers if their data has been compromised
  • Plan to make sure this doesn’t happen again


To discuss how Cyfor Secure can help with your disaster recovery planning, please contact us.




0330 133 1250

Cyfor Secure
PO Box 266
M24 0BY
