While keeping cyber security at the top of the business agenda goes a long way to preventing cyber attacks, it's almost inevitable that a breach will happen eventually — and knowing what to do when it does could be crucial.
SoGlos rounds up some top tips from the National Cyber Security Centre (NCSC) which might just save your business or organisation if the worst should happen.
Pull the plug
In the event of a cyber attack infecting your business or organisation with malware or ransomware, immediately disconnect the infected computers, laptops or tablets from all network connections, whether wired, wireless or mobile-based.
Disconnect from the internet
In a very serious case, consider whether turning off your WiFi, disabling any core network connections — including switches — and disconnecting from the internet might be necessary.
Reset your systems
Reset all your credentials, including passwords — especially for administrators and any other system accounts. Remember to make sure you don't lock yourself out of systems that are needed for recovery, though.
Wipe all infected devices
Safely wipe the infected devices and reinstall the operating system (OS). This should safely erase all data from your hard drive and render it unreadable. Ideally, you should have a back-up system in place already.
Double check before you restore your systems
Once you have wiped the infected device as described above, and before you restore from a backup, verify that the backup is free from any malware. The NCSC says you should only restore from a backup if you are confident both it and the device you are connecting it to are clean.
Only reconnect once you've made sure your network is ‘clean’
The same applies to any and all other devices. Only connect them to a ‘clean’ network in order to download, reinstall and update the operating systems and all other software.
Run antivirus software
Once all of the above is done, remember to install, update, and run antivirus software on all devices too.
Don't rush to reconnect
You should only reconnect to your network once you have carried out the steps above in full. If you jump straight to reconnecting, you risk reinfecting your systems and undoing all your hard work.
Even if you have meticulously carried out all of the above, make sure you monitor network traffic and run antivirus scans to identify if any infection remains — it's better to be safe than sorry.
Keep an eye on the NCSC website, too, as it carries plenty more advice, including its helpful document 'Technical Approaches to Uncovering and Remediating Malicious Activity'.