Small Business Cyber Security Response and Recovery. Part IV – Resolve the incident
Once you have identified what type of cyber attack you have been subject to, collected all the necessary information on it, and contained the incident (these steps were described in part 3 of this series), it is time to resolve the situation and get your business up and running as soon as possible. This includes making sure that all your IT infrastructure is functioning normally and that any problems caused by the attack have been fixed. If you outsource the management of your IT to an external service provider, this is the time to contact them so they can help you fix the problem and restore your operations to normal.
If you manage your IT infrastructure yourself, it is time to put the incident response plan you prepared in step 1 (see part 2 of this series) into action. What you have to do will depend on the type of cyber incident you have suffered and its consequences. Some of the possible actions are:
- change your passwords – and we mean all passwords. Not only the ones protecting your computers but also the passwords to all your online services and accounts, including shared and administrative accounts. This should be one of the first things you do after realising your security has been compromised. Do not use the compromised computer to change your online passwords; use a different device that you know for certain has not been affected. Note that changing a password does not always end sessions that are already logged in, so where a service offers it, also sign out all other sessions and revoke any app passwords or API keys tied to the account.
- replace compromised hardware – it is very rare for malware to physically damage a CPU, RAM or a network interface card (NIC). The realistic problem is persistence below the operating system: malware that lodges itself in a device's firmware (the UEFI/BIOS of a computer, a disk's firmware, or a router's) survives wiping the disk and reinstalling the OS. If you cannot verify or reflash the firmware of an affected device, it is safer and more prudent to replace it.
- clean infected machines or rebuild the system – if the infection is not too serious it should be possible to remove it with an antivirus or similar malware-removal tool. In some cases, however, you cannot repair the infection (for example, when files crucial to running the operating system are themselves infected and the only way to remove the infection is to delete those files, which leaves the operating system unable to run) and you will have to rebuild the system. You may also want to rebuild the system anyway, to be certain that every trace of the infection is gone. Reinstall the OS from installation media obtained directly from the vendor, and check the download against the vendor's published checksum or signature before using it; a recovery partition on the infected disk may itself have been tampered with. Do not use your backups for this purpose, as they may contain the same vulnerabilities, or the same malware, that allowed the attacker in the first time.
In instances where the affected hardware is old, you may be better off buying a new computer or the relevant component.
- restore services from backup – hopefully you were provident enough to keep a backup of your data from which you can restore your business-critical information. Now is the time to use it. As mentioned above, use your backup only to restore your data, not the whole system. Restore from a copy taken before the attacker got in (the timeline you established in part 3 tells you when that was), confirm that the copy has not been altered or encrypted since it was made, and scan the restored files before putting them back into service.
- patch software – applying the latest patches to your operating systems, firmware and third-party applications is a very important preventive practice. Patches fix the vulnerabilities that make software prone to cyber-attack. Do this before reconnecting a rebuilt machine to the network and the internet; otherwise it can be compromised again through the very hole you are trying to close.
Depending on how complex restoring your systems is, you may want to consider the services of a cyber security consultant. If so, ensure you use a reputable party, understand their experience, and know how their offer matches your needs and your business type.
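The "restore from backup" step above hides two checks that are easy to skip under pressure: the copy you restore must predate the intrusion, and it must not have been modified since it was written. The script below is an added example (not code from the original article or from SEQRED) of automating both. It assumes your backup job records a manifest listing each snapshot's name, the time it was taken and the SHA-256 of the archive, stored somewhere the attacker could not reach; the archive contents, the manifest entries and the compromise time are all constructed inline so the example runs offline.

```python
"""Choose a clean restore point and verify it before restoring.

Added example; assumes a backup manifest of (name, taken, sha256) entries.
All archives, timestamps and the compromise time below are constructed.
"""
import hashlib
from datetime import datetime, timezone
from typing import Optional

# Constructed sample archives as they were when the backup job wrote them
# (short byte strings stand in for real archive files).
ORIGINAL_ARCHIVES = {
    "backup-2024-03-01.tar": b"documents and database dump, 1 March",
    "backup-2024-03-08.tar": b"documents and database dump, 8 March",
    "backup-2024-03-15.tar": b"documents and database dump, 15 March",
}
TAKEN_AT = {
    "backup-2024-03-01.tar": "2024-03-01T02:00:00Z",
    "backup-2024-03-08.tar": "2024-03-08T02:00:00Z",
    "backup-2024-03-15.tar": "2024-03-15T02:00:00Z",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_utc(ts: str) -> datetime:
    """Parse an ISO-8601 timestamp with a trailing 'Z' into an aware UTC datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)


def build_manifest(archives: dict, taken_at: dict) -> list:
    """What the backup job records at backup time. Keep this manifest
    off-site or on write-once storage so an intruder cannot rewrite it."""
    return [
        {"name": name, "taken": taken_at[name], "sha256": sha256_hex(data)}
        for name, data in archives.items()
    ]


MANIFEST = build_manifest(ORIGINAL_ARCHIVES, TAKEN_AT)

# Constructed "current" state of the backup storage: the 8 March archive was
# overwritten after the intrusion (think ransomware encrypting the backup
# share), so its hash no longer matches what the manifest recorded.
STORED_ARCHIVES = dict(ORIGINAL_ARCHIVES)
STORED_ARCHIVES["backup-2024-03-08.tar"] = b"\x00garbage written by the attacker\x00"

# Earliest evidence of attacker activity from the log review (constructed).
COMPROMISE_TIME = "2024-03-12T18:30:00Z"


def verify_archive(entry: dict, stored: dict) -> bool:
    """True only if the archive is present and its content still matches the manifest."""
    data = stored.get(entry["name"])
    return data is not None and sha256_hex(data) == entry["sha256"]


def choose_restore_point(manifest: list, stored: dict, compromise_time: str) -> Optional[str]:
    """Return the newest snapshot taken strictly before the compromise whose
    content still matches the manifest, or None if no such snapshot exists."""
    cutoff = parse_utc(compromise_time)
    newest_first = sorted(manifest, key=lambda e: parse_utc(e["taken"]), reverse=True)
    for entry in newest_first:
        if parse_utc(entry["taken"]) >= cutoff:
            continue  # taken while the intruder was in: may carry the infection
        if not verify_archive(entry, stored):
            continue  # altered since it was written: do not trust it
        return entry["name"]
    return None


if __name__ == "__main__":
    chosen = choose_restore_point(MANIFEST, STORED_ARCHIVES, COMPROMISE_TIME)
    print("restore from:", chosen)  # the 15 March copy is too late, 8 March fails its hash
```

With the constructed data the script selects the 1 March copy: the 15 March snapshot was taken after the attacker was already inside, and the 8 March archive fails its hash check. If the function returns None you have no trustworthy backup from before the incident, which is worth knowing before you start a restore rather than after.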
Do you require help with preparing for and dealing with cyber incidents?
If you have any questions or require help or advice on preparing for and dealing with cyber incidents, please contact us at SEQRED.
SEQRED specialises in all areas of cybersecurity, including Critical Infrastructure Protection, Cloud Services Security, Audits and Threat Intelligence. For a full list of our services visit our website – www.seqred.pl
Stay safe rather than sorry!