You arrive at your business premise as normal, it could be an office, it could be a high street business like a hairdresser, or it could be a services company like a plumber. Everything seems fine and then you turn on your computer and try to access your customer's personal data and it’s all gone.
Instead, you are confronted with a message from an unknown source demanding payment for the safe return of your customer's personal information. If this happened to you would you know how or where to report it or what to do next? Your initial reaction might be to call the police, but they will simply refer you to Action Fraud, who are the National Fraud and Cyber Reporting Centre. They provide a 24/7 reporting service for businesses suffering a live cyber-attack. Action Fraud explains what a live cyber-attack is and what to do next: What is a live cyber attack? A live attack is one that is ongoing, that is still affecting your system and your ability to work and there is an opportunity for law enforcement to stop the attack and/or secure evidence that will assist an investigation. For example:
Cyber criminals have accessed your network and stolen personal information about your customers and are demanding payment for its safe return. This is also known as hacking extortion.
Your website is being flooded with traffic – customers are not able to access it as a result. This is called a distributed denial of service (DDOS) attack.
What you need to do next:
Call 0300 123 2040 immediately and press 9 on your keypad.
Your call will be dealt with as a priority and your live incident will be triaged over the phone.
You will be asked a series of questions to help identify what type of attack you are experiencing and be given advice/support whilst your report is passed immediately to the National Fraud Intelligence Bureau (NFIB).
The NFIB will review your report and conduct a range of enquiries, identify any connected reports or links to known criminals, assess opportunities for police action then send it to the relevant police agency. This can be your local police force Cyber Crime Unit or the National Cyber Crime Unit (NCCU), which is part of the National Crime Agency.
You will be kept informed of the status of your report.
If personal data has been stolen or accessed as part of the cyber-attack, you also need to report it under GDPR the to the Information Commissioner's Office (ICO). You can report a breach via their website: 'Report a Breach'
The above steps on how to report a live incident can be found in the National Cyber Security Centre (NCSC) Small Business Guide to Response and Recovery, which also provides small to medium sized organisations with guidance about how to prepare their response, and plan their recovery to a cyber incident.