If you are a large company and you have been attacked by an outside black hat hacker then the last thing that you may want to happen is that everyone finds out about it. Even if you are a small company, you do not want this information out as well. When you report an incident such as this to the police you are seen as weak. That is unfortunate but it is true. You are seen as a company who cannot handle their own security. If a person who was thinking about doing business with you seems to think that you have weak security then there is a huge possibility that they are going to move on to the next company.
But there is a huge danger as well when you do not call the police when someone attacks your servers from the outside. The number one danger is that you are letting that person get away with it. If an attacker knows that they got away with the attack the first time, then there is nothing stopping them from attacking the same victim. Of course you can always go get new equipment and see if that stops the attacker better but most likely, if they are good, they will find some way to get around this new equipment. The main aspect of the crime that they were worried about, getting caught, is now no longer something that they have to worry about. It is now worth it for them to try and get around any extra security that you throw up. If you are not willing to call the police then the extra time it takes for them to figure out your security layout is worth it by the payout that they will receive.
So now that you see the consequences of both reactions to being attacked by a black hat hacker on the outside, the question becomes which route should you go. Do you want to be known as the company who was susceptible to an outside attack or do you want to be known as a strong company to the people on the outside but to the hacker community be known as someone who is a permanent victim. Maybe it does not have to be a black and white issue. In this article we will take a more detailed look at when you should notify law enforcement of any computer hacker problems.
How big was the crime?
When people talk about cyber crime they usually lump all of the different types of crime into one big basket. But that is not usually the case. There are all different types of cyber crime that you must be aware of. Some of the crimes are very big and cost millions of dollars and some of the crimes are small and only costing companies a few thousands at most.
For example, if you were infiltrated due to somebody on your network clicking on a piece of malware that has been going around the internet, then that might not be a crime that is worth alerting the police about. This is especially true if the damage that was done is considered small. People are hit with this type of malware all of the time and 90% of them do not call the police. Now, if you were to lose a large amount of money due to this piece of malware then it might be time to bring in the police.
A piece of malware that does not target your company is one thing. If someone in the black hat hacker community decides to target you then that is another matter all together. When you are the one being targeted directly then you must get law enforcement involved. They will have the resources that you need to be able to find who is targeting you. If you do not want to get law enforcement involved in the very beginning then you can go to a private computer security company. But if any money was stolen, especially if it is your customer’s money then you are going to have to report the incident to the police.
And that is a big key as well. If any of the money taken was from customer accounts and not your own then I suggest that you call the police right away. You are going to want to make sure that you are not a suspect and if they find out that you did not call the police right away then that does not help your case. When it has to do with customer accounts you want to both be able to explain to law enforcement and the customers themselves what exactly happened.
There are both upsides and downsides to calling the police when you have been hacked. But you must make sure that you do the right thing or no matter what happens your customers will never trust you again.