How you deal with a cyber incident depends on (1) the nature of the incident; (2) your circumstances/setup; and, (3) if you wish to have the incident investigated. Please use the following as a guide only.
If your business has experienced a cyber security incident, this may result in a police investigation.
If you would like to have a cyber security incident investigated by law enforcement, please read the following carefully:
- individuals and small businesses should report the incident to the Australian Cybercrime Online Reporting Network (ACORN)
- major businesses should report to the Australian Computer Emergency Response Team (CERT)
- disconnect the compromised machine from the network and wait for law enforcement to respond
- keep the system turned on – RAM data will be lost if a machine is powered down
- leave the compromised machine alone – do not run programs or open files – leave this for law enforcement. Interacting with the machine can destroy forensic evidence and prevent an investigation from progressing
- if virtualised, suspend the compromised machine and copy the related files to new media.
You may decide not to report a cyber security incident to law enforcement. However, it is still important to report an incident to ACORN or CERT. This allows the Government to form a more accurate view of cyber security threats and make sure that businesses receive the right help and advice.
Others you may need to contact
Your Insurance. If you have cyber insurance, your policy may include an incident response and forensics team. You may also need to contact Your Financial Institution.
Report to law enforcement
Cyber crime involves the unauthorised access to or impairment of computer systems and may constitute an offence under the Commonwealth Criminal Code Act 1995 and/or state and territory criminal laws.
Specialists in Small
Confidence in Our Evolving Cyber World