Cyberattacks: The First 72 Hours

Man at desk with computer displaying a 'Security Breach' warning; colleagues in background.

November 20, 2023 | Charmaine Skoubo

As everything becomes digitized these days, it can feel like being on the receiving end of a cyberattack is inevitable. Regardless if your organization already has a plan in place to prevent this, or if you are working on creating one, it’s important to understand what to do in the first 72 hours after a cyberattack.

Mobilize your cybersecurity response team.
- Douglas Williams, president and CEO of Williams Data Management, strongly recommends taking this key action immediately following a cyberattack. “Assemble a business continuity team, including IT and data forensics experts, and have them determine the size and scope of the vulnerability,” he said. It’s important that each team member knows what to do and what their responsibility is in the event of an attack.
Identify the type of attack.
- For the team to address the attack appropriately, it’s necessary to identify the type of attack. The source of the attack, the extent of it, and its impact is all vital information.
Contain the breach.
- Another necessary step is to shut down all access the attacker could have to your accounts and data. Disconnect the affected network from the Internet, disable all remote access to the network, re-route network traffic, and change all vulnerable passwords. The key is to completely deny the attackers access to your system. You can then work to return the system to a hopefully more secure working condition.
Assess and repair the damage.
- You’ve identified the attack and contained the breach, now is the time to determine if any critical business functions were compromised. See if any data has been affected by the breach and take care of any unauthorized entry points that remain. You may need to reinstall systems, recover backed up data, and repair or replace any damaged hardware.
Report the attack.
- Promptly report the attack to the proper authorities. Immediately contact the FBI and state and local law enforcement offices. You’ll also want to report the attack to the Secret Service’s Electronic Crimes Task Force, as well as the Internet Crime Complaint Center and the Federal Trade Commission. If you have cyber liability coverage, be sure to contact the claims department as soon as possible.
Communicate with the public.
- If you have a PR person or department, it’s best to speak with them on how to communicate the cyberattack with customers and the public. This is especially important if anyone’s data was possibly compromised. Being upfront and honest will help keep the public’s trust.
Learn from the experience.
- Take this opportunity to go over training with employees, sketch out an even better plan for next time this could possibly happen, and be sure to fix any mistakes that were made.

Member Resources

The best fight against cyberattacks is being prepared and training your staff. Taking these critical steps if something does go wrong will help reduce the impact on the business and the public.

For more resources on cybersecurity, you can sign up for our no-cost member resource, eRisk hub, at csdpool.org/cyber or complete a cyber assessment with us to qualify for a higher sublimit, with an increase from $200K to $1M. For any questions, email us at info@csdpool.org.

Website Accessibility Statement

Colorado Special Districts Property and Liability Pool (the "District") is committed to ensuring that its services are accessible to all members of the public. As part of this commitment, the District strives to provide an accessible website compatible with the Web Content Accessibility Guidelines (WCAG) version 2.1, AA, and commercial screen reading software. Features of the website are created to allow individuals with vision and other impairments to understand and use the website to the same degree as someone without disabilities.

If you need any special assistance or accommodations:

Contact our compliance support team via telephone at: (888) 765-1970

Ongoing Compliance Information

Compliance Coordinator

The District has designated a Compliance Coordinator for website disability-related accommodations. The Compliance Coordinator has received training in website accessibility and updates the site in accordance with those best practices and requirements.

Compliance Procedures

The District is working to ensure all website content complies with the Americans with Disabilities Act and controlling State laws. In an ongoing effort to continually improve and remediate accessibility issues, the website is regularly scanned to ensure ongoing compliance, and timely changes are made to any inaccessible content if found.

Accessible Documents Policy

The District is committed to providing all documents hosted on the website in an accessible format or making accessible alternatives available.

Linked Documents and Third Parties

Please note that this site may link out to third-party websites that do not have accessible content. This site may also include documents provided by third parties. While we cannot control the accessibility of content provided by third parties, we are happy to assist any member of the public with reading and accessing content on our site.

Report a Website Accessibility Issue

We are committed to your ability to access all content, and we will respond to all requests in a timely manner. If you need assistance or accommodations while accessing content on this website, please contact our Compliance Coordinator via the form below: