The first thing any organisation should do is ensure that whoever’s hacked into the company network can’t do any further damage by locking them out of the system. This involves disconnecting the network from the internet as soon as possible. This can be as extreme as shutting down the router/firewall but will more likely be a partial lockdown of internet access if you have a dedicated IT team or outsourced IT support.
Next, it’s important to assess how far the hacker has got in terms of encrypting files. Additionally, have any sensitive files been uploaded or downloaded? At this stage, you may need to notify some of your suppliers and customers.
Step three... it’s time for a clean-up. This should involve doing a sweep of all systems and devices to find the software that’s been encrypting files and remove it. This can, in part, be a manual process that requires looking at individual devices. This might also involve asking staff working remotely to bring their devices into the office.
Finally, it’s important to restore everything to its previous state. Ask yourself what your priorities are and what should be pulled back first. For example, this may involve making sure all relevant HR and payroll data is accessible so that staff and suppliers can still get paid on time. Many insurance companies are now insisting that companies only restore data and that everything else, including your core systems, is rebuilt from the ground up. This is because it is almost impossible to tell how long the attackers have been in the system and what they may have hidden. The time and effort needed to do this are huge, so this really is a case where prevention is better than cure.
Once you’re out of the danger zone, you need to take steps to ensure this doesn’t happen again and that the business has a basic level of security in place. Consider implementing cloud security solutions such as mobile device management (MDM). This will enforce security on employees’ devices and ensure all devices accessing corporate data have the latest endpoint security, firewall and software patches in place. Also deploy an email security system that scans all emails for viruses and dangerous content before they get to the user. Staff training is also vital – clicking on a dodgy link or inadvertently letting in hackers is human nature. However, by educating employees on the signs of a possible attack, organisations can reduce the likelihood of one happening again.