Unfortunately you are viewing this website on an outdated browser which does not support the necessary features for us to provide an adequate experience.
Please switch to a modern browser such as latest version of Google Chrome, Mozilla Firefox, Apple Safari or Microsoft Edge.
Responding quickly to an online security incident can limit the impact to your business. Here's where to start.
If you have an incident response plan prepared, now’s the time to put it in to action. If you don’t have an incident response plan prepared, that’s ok too, you can still use this guide to help navigate your response and recovery.
Creating an incident response planTo show how each step could apply to a business we’ve included a fictional example.
If you don't have in-house IT expertise, call in people who can help you resolve the incident and make any technical, legal and business decisions. These people could include:
Even if you're an IT expert, during an incident you'll need to focus on keeping your business running and managing the response, while others work to resolve the technical aspects of the incident.
Example: Pita notices that his online garden supplies store has been attacked and the homepage is displaying unusual images and messages. Pita quickly calls his IT service provider and website host.
Depending on the type of incident and what systems are affected, you'll need to take steps to contain the incident and prevent any further damage. This might mean temporarily shutting down or suspending some of your business operations.
Example: Pita's company’s website host confirms an attacker has accessed the website to share political messaging. They advise shutting down the e-commerce functionality while they work to resolve the issue, to prevent anything going wrong with potential online purchases and to protect customer information.
Once you’ve identified the incident, let your staff know what's happening, what the next steps are and who is leading the incident response.
Make sure staff have clear and consistent information that they can use to respond to any customer or supplier enquiries.
Example: Pita calls a meeting with his staff to tell them about the incident and that the e-commerce functionality of website is temporarily closed until the incident is resolved. Pita appoints himself as incident lead because he is working closely with technical support. He gives the office administrator the role of communications and the first task of circulating consistent messaging that all staff can use when talking to customers.
It can be difficult to let your customers know about a security incident and how it might affect them. You and your lawyer need to decide who you’re legally obliged to contact about an incident. You’ll also need to decide who you’re morally obliged to contact.
You'll need to decide when and how to let them know, and whether you'll tell them about it even if you’re not sure they have been, or will be affected. This decision may need to be made on a case-by-case basis.
Communicating in an online security incident
Example: In their appointed communications role, the office administrator posts a message to the business’s social media channels letting customers know that the online shopping function of the website is temporarily unavailable while an issue is being resolved. They also ask the website host to place the same message on the website’s homepage.
To minimise the impact of the incident, try to keep the unaffected parts of your business running. You might appoint a staff member to take the lead of day-to-day operations while you focus on the incident and keep track of response and recovery process, decisions and actions.
Example: Pita appoints the sales manager to keep the phone orders and the dispatch room running to make sure existing customer orders are fulfilled. This gives Pita time to work with the website hosting provider, focus on resolving the issue and make decisions around improving the website’s security.
Report an online issue or security incident to us at CERT NZ.
Once the incident is resolved, there are some important last steps to round out the response. These include: