9 steps you should take if your IT systems are under attack

While the perpetual message to us all is to ensure our online systems are secure, there is also the inevitability a breach will come – and knowing what to do when that happens could be crucial.

And who better to turn to for what to do when that happens than the National Cyber Security Centre. It suggests following the tips below. They might just save your business or organisation.

About the sponsors

Charles Russell Speechlys’ Cheltenham office advises regional, national and international clients ranging from multinational listed companies, government organisations, limited companies and partnerships to entrepreneurs, private individuals and their families and its dedicated technology team includes experts on data protection and cyber security.

Salus Cyber is a certified provider of world-class cybersecurity services, based in Cheltenham. It helps clients identify and manage their cyber risks proactively and effectively and is the cybersecurity partner of choice for industry-leading organisations throughout the UK and Europe.

The University of Gloucestershire is an integral part of the county’s cyber community. It was the first institution in the country to offer cyber security degree apprenticeships, and it has undergraduate and postgraduate programmes are helping to develop specialists in this field.

1. Pull the plug

In the event of a cyber attack ‘infects’ your business or ogranisation with malware or ransomware immediately disconnect the infected computers, laptops or tablets from all network connections, whether wired, wireless or mobile phone based.

2. Disconnect from the internet

In a very serious case, consider whether turning off your Wi-Fi, disabling any core network connections (including switches), and disconnecting from the internet might be necessary.

3. Reset your systems

Reset all your systems credentials, including passwords (especially for administrators and any other system accounts). Remember to make sure you do not lock yourself out of systems that are needed for recovery!

4. Wipe all infected devices

Safely wipe the infected devices and reinstall the operating system (OS). This means that you should safely erase all data from your hard drive to render it unreadable. Ideally you would have a back-up system in place already!

5. Double check before you restore your systems

Assuming you carry out step three, above, and before you restore from a backup, verify that it is free from any malware. The NCSC points out you should only restore from a backup if you are confident both it and the device you are connecting it to are clean.

6. Only reconnect if your network is ‘clean’

The same applies to any other devices. Only connect them to a ‘clean’ network in order to download, reinstall and update the OS and all other software.

7. Run antivirus software

Once all of the above is done, remember to install, update, and run antivirus software on all devices too.

8. Do not rush to reconnect

Only when you have carried out the steps above should you reconnect to your network. If you jump straight to ‘reconnect’, you risk reinfecting your systems and undoing all your hard work.

9. Remain vigilant

Even if you have meticulously carried out all of the above, make sure you monitor network traffic and also run antivirus scans to identify if any infection remains. It is better to be safe than sorry.

The NCSC website carried plenty more advice on the subject in more detail, including its document Technical Approaches to Uncovering and Remediating Malicious Activity.

By Andrew Merrell

Follow SoGlos on LinkedIn and sign-up to the weekly SoGlos business newsletter for the very latest Gloucestershire business news stories.

© SoGlos
Tuesday 09 November 2021