So You Think You've Been Infected?
Written by Chris Thornton, 11 February 2016
When an infection occurs, the damage can be varied, from performance issues to theft of personal information or data loss. In the most severe cases, how your organisation reacts could make all the difference to your recovery...
We constantly stress the importance of preventative cyber-security: awareness, education, up-to-date antivirus tools... but what happens when those defensive measures fail? With 74% of SMEs reporting a hacking incident in 2015, it's obvious these attacks can and do still happen...
A Threat to Small Businesses?
Cyber-criminals succeed by exploiting confusion, ignorance and uncertainty, especially in small businesses which lack the dedicated IT resources to respond quickly. If you're worried about becoming a victim, don't despair: cut through the confusion with our step-by-step guide to surviving a hack, fighting back and moving your company out of danger...
Establish you've been attacked
The earlier you spot an attack, the better your chance of dealing with it. You may not realise your system has been compromised until it's too late - fortunately, there are warning signs:
- Erratic browser behaviour, including an increased frequency of pop-ups, redirected searches, and the appearance of unfamiliar browser tools
- Email accounts sending large amounts of spam to contacts
- Passwords stop working suddenly
- Antivirus software and other system recovery features disabled
Understand scale and cause
If your system or network has been compromised, establishing exactly how far the compromise extends requires specialised technical knowledge. If you don't employ trained IT staff, turn to professionals at this point. So, what are your options?
- Independent consultants: although expensive, consultants can offer a high level of expertise and service
- Business partners: your partners have a vested interest in recovering and rebuilding your system as quickly as possible and may be able to offer extra resources
- Service providers: IT support and IT security service providers may be able to implement valuable recovery services above and beyond your own capabilities
- Authorities: cyber-attacks are serious crimes - authorities will be able to help track down those responsible and facilitate legal support
A competent, thorough investigation is crucial, not only to establishing the scale of the attack, but to revealing how your system was compromised.
Contain and cleanse
Having investigated the impact of the attack, you can begin shutting down your network and scrubbing the damaged sectors. This process includes:
- Reinstalling affected software from master copies
- Recovering data from backups (which should have been maintained regularly)
- Reformatting or restoring infected computers
Removing system weaknesses is a crucial step towards protecting your company from future attacks. Defective hardware can be replaced, software flaws can be patched - but some weak points, like stolen passwords, point to a need to re-educate employees in how to protect their data.
With this in mind, repairing your network may go beyond fixing technical exploits. You may need to initiate a company-wide behavioural change, encouraging employees to identify and avoid phishing scams and other cyber-security red flags.
Communicating with employees and clients isn't really a 'last step', and should be an ongoing process from the initial infection all the way through to the resolution - especially since you may have serious legal obligations to clients regarding their data.
At the same time, however, hasty speculation isn't helpful - if you can, wait for your investigation to deliver definitive, useful information before acting to inform staff and clients.
Before Disaster Strikes
Although we're discussing the consequences of an incident, our trusted philosophy of preventative measures still applies. Knowing how you are going to react to an incident maximises the efficiency of your recovery:
- Encourage employees to raise the alarm early
- Ensure employees understand the plan should an attack be confirmed
- Ensure your backup strategy is effective and up-to-date
- Research and perhaps even retain consultants you may contact for help in the event of an incident
Finally, don't assume that since you've dealt with the incident, you're somehow protected from similar attacks in the future. Cyber criminals are constantly probing for weaknesses - by actively learning from your recovery, you're arming yourself against the next threat your company faces.
Would your company respond well to a cyber-attack incident? Let us help you create your own cyber-security strategy...