Steps to Recover from a Cyber or Malware Attack

Experts tell us that as of 2016, nearly 60% of small to medium-sized business had experienced some type of cyber attack. In the last three years, these attacks have only become more frequent and more sophisticated, further raising the expectation that virtually no business is completely safe from these types of threats.

It is now imperative that in addition to devising procedures to protect themselves against a cyber or malware attack, companies of all sizes should have a plan in place regarding how to react should that attack occur.

Cyber attacks can compromise user financial information, private data and company resources – and can entirely cripple an organization, either for the short term or over the long run. Some malware attacks are immediately evident, while others can take up to 6 months before the IT department flags the suspicious behavior. The most important aspect of responding to a cyber attack is to have a plan of action which kicks in at the moment that the attack is discovered.

Immediate Technical Steps to Respond to a Cyber or Malware Attack

As soon as the IT staff is aware of a problem, it is necessary to collect the relevant facts. This is important both in order to communicate the correct information to management, shareholders and customers; but also to understand the scope of what you are dealing with. Basic information includes what is the nature and scope of the attack, when did the attack take place, how will this situation affect customers, which resources were affected, and who are the targets/victims of the attack.

Once your IT staff has a handle on what has occurred, you will want to isolate and contain the problem.

• Separate sensitive data from the general network.
• Encrypt banking and login information.
• Reset all compromised logins, utilizing secure passwords – cyber security experts recommend including a random string of uppercase letters, lowercase letters, symbols, and numbers.
• Add two-factor authentication.
• Uninstall all files affected by the attack, then reinstall a clean copy so as not to spread the virus attached to the file.
• Apply all necessary security patches, in order to update the programs or operating systems. These patches are designed to fix any bugs or holes which may affect your security.

Identify, isolate and remove all files installed by the malware attack. IT analysts should then investigate these files to achieve a better understanding of what happened – as well as to hopefully identify the criminal behind the attack, the vulnerability he exploited, and how to effectively protect the company from another similar attack.

If you do not have a cybersecurity professional on staff, you may wish to hire one to help you to navigate through the next steps.

Damage Control after a Cyber or Malware Attack

Companies who experience a security breach should always inform clients and affected parties immediately upon knowing the basic facts of the situation. Although it may be tempting to try to hide the fact that you were a victim of this type of attack until you have it completely under control, you could pay dearly in the future for your dishonesty – in loss of customers and consumer confidence, and even class action lawsuits.

Best practices dictate that your company have a plan of action as to how to communicate a data breach to your clients long before a situation arises. Prepare a statement and fill in the blanks should you need it – identifying the problem, assuring the public of the steps you are taking to fix the problem and protect their data, and ongoing procedures to set things to right.

Expert Tip: Insurance companies are beginning to offer cyber liability insurance to financially assist companies after a disaster, whether it be to hire PR firms, purchase new equipment, or compensate victims.

Alliance IT employs a team of technical experts well-trained in cybersecurity issues, prevention, and recovery. Don’t wait until an attack occurs – call us today to protect your clients and your company.