With the latest in a long stream of high-profile attacks on business computer systems hitting the headlines this week, we have put together some guidelines on the actions we recommend you take if your computer systems are hacked (or if you think they might have been).
Talk Talk have been the victim of several attacks this year, so we are sure they have been taking major steps to combat the ever-present menace of cyber criminality. They received praise for their swift response to the latest incident but, despite their undoubted technical abilities, they have been unable to totally eliminate the risk to their network security. It is reasonable to assume, then, that at some point your own company’s system will be penetrated to some level, so our first advice is:
Have a disaster recovery plan
It may not be perfect, but if you have at least sat down and discussed the “what if” worst case with your IT team or provider, you can make a plan to minimise the impact and ensure an attack is not fatal to your business. Think about how you would close down, clean and restart your systems. Where is your key data stored? Do you have separate, non-connected copies? Which parts of your system are the most critical? Whose job is it to control the plan and put it into action? As you talk things through, you will see that there are a lot of individual tasks that need completing.
Shut things down quickly
Moving quickly when you suspect an attack is in progress or has recently happened will minimise its overall impact and give your clients confidence that, even though you have been attacked, you are acting swiftly to protect both your company and their data. Close down your website and any other portals being attacked, then bring them back slowly once you have your security experts in attendance to control things.
A good communications plan will help you maintain your customers’ confidence in a difficult situation. Silence is not golden in this case.
How did it happen?
Once you have the situation under control, you can seek to fix it. The key is to identify how the attack happened and fix that element first. You will need to do a complete system review anyway, but the initial weakness has to be fixed before you can move on to improving overall security.
Typical actions would include improving your firewalls, resetting passwords for all users (and possibly raising the required difficulty level) and reformatting infected devices. Loss of data may be an issue if you haven’t implemented a good data backup system.
Review and improve
Bringing in a third party to review your security is a good idea after the breach has been fixed. They will bring a fresh perspective to the problem and may spot weaknesses that you have overlooked. Once complete, the review should enable you to create an improvement plan that reduces the potential risks in the future. It will be impossible to eliminate them totally.
Questions?
If you have any questions about hardware, software or cloud data security, we would be happy to have a discussion with you about it and offer advice on what is practical for your organisation. Please give us a call.