What to do just after a cyber attack
- The worker who spotted the threat first needs to inform the IT and management teams. When an employee encounters something unusual on their computer, they need to notify the IT team urgently. It doesn’t matter if it turns out to be a false alarm; if something is out of the ordinary, the techs need to know. Hackers and other threat actors often keep their attacks under the radar so they can steal data undisturbed, so no irregularity should be taken for granted.
- IT staff must cut off the computer from the network and document the infection. Once the tech team identifies the compromised computer, they need to remove it from the network immediately, starting by unplugging the cables that connect it to a network switch, router, or DSL/cable modem (and disabling Wi-Fi). Aside from containing the threat, they will need to check nearby machines for signs of the same infection.
- The company should review the backups in the cloud. An IT staff member needs to go to the existing backups and make sure they have not been compromised in any way. Intact backups are what guarantee business continuity once the attack is over and the team has contained the bad actors.
- The in-house team should start implementing cyber security protocols. If a company has a cyber security response plan, it should contain procedures and rules for handling the first few minutes after a cyber-attack is detected. If the incident response team is not yet on-site, the people who detected the cyber attack should start carrying out what the plan states. If the plan calls for the scene of the cybercrime to be cordoned off, the IT team should preserve the integrity of that particular part of the network.
- The IT team should draw the attention of the employees and educate them about the attack or infection. The company should immediately alert its affected employees about the cyber-attack. Human error is often the root cause of a breach, and it can make a critical situation worse. Employees need to be trained on how to act during such a situation to limit and prevent further damage. For instance, if the source of the threat is a phishing email, the IT team should immediately tell employees not to open or click on that particular message, so the malware does not spread to more devices.
- Use solid security systems to track possible malicious assets. Companies with a security operations center or a combined solution like Sophos Endpoint Protection should definitely use those resources to make sure the threats are under control. Reinfection can still occur, so all traces of malware or of the exploited security vulnerability should be monitored as soon as the issue stabilizes.
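One concrete form of the backup integrity check in the third step, as an added example that is not from the original article: every file in a backup set is compared against a hash manifest recorded when the backup was taken and kept somewhere the attacker cannot reach, so that tampered, missing or planted files are caught before anything is restored. The file names and the manifest layout below are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large backup archives do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_backup(backup_dir: Path, manifest: dict) -> dict:
    """Compare the files under backup_dir with a manifest {relative_path: sha256_hex}.
    The manifest must come from a trusted, off-host copy taken at backup time;
    a manifest stored next to the backup could be rewritten by the same attacker."""
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    present = {p.relative_to(backup_dir).as_posix(): p
               for p in backup_dir.rglob("*") if p.is_file()}
    for rel, expected in manifest.items():
        path = present.pop(rel, None)
        if path is None:
            report["missing"].append(rel)          # listed in manifest, gone from backup
        elif sha256_of(path) != expected:
            report["modified"].append(rel)         # content changed since the manifest
        else:
            report["ok"].append(rel)
    report["unexpected"] = sorted(present)         # files the manifest never recorded
    return report

def is_restorable(report: dict) -> bool:
    """Only a backup with no deviations at all should be used for recovery."""
    return not (report["modified"] or report["missing"] or report["unexpected"])

def demo() -> dict:
    """Constructed sample: a tiny backup set that was altered after its manifest was recorded."""
    backup = Path(tempfile.mkdtemp())
    (backup / "db.sql").write_bytes(b"CREATE TABLE t(id int);\n")
    (backup / "config.ini").write_bytes(b"[app]\nkey=1\n")
    manifest = {rel: sha256_of(backup / rel) for rel in ("db.sql", "config.ini")}
    manifest["notes.txt"] = "0" * 64                      # recorded, but later deleted
    (backup / "db.sql").write_bytes(b"CREATE TABLE t(id int); -- tampered\n")
    (backup / "README_RESTORE.txt").write_bytes(b"planted file")  # not in manifest
    return verify_backup(backup, manifest)
```

Run the same function against a clean backup directory and `is_restorable` returns True; any non-empty deviation list means the copy should be quarantined for forensics rather than restored.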
If you don’t have an in-house IT team, you can get custom cybersecurity solutions from a managed service provider (MSP) such as Cloud IT! to give you peace of mind and free your time to focus on your business. Working with us means you gain an expert, vigilant team that keeps your data safe: we can evaluate your risk level, identify gaps in your security protocols and help close them. Reach out to learn more about the cost-effective services we provide.