Five Steps to Recovering From A Cyberattack
With cyberattacks constantly making headlines, it is only a matter of time before a company may have to deal with the ramifications of their system being compromised.
Companies with access to clients’ personal data, such as insurance firms and doctors’ offices, should have best practices in place to help guard themselves against ransomware and malware attacks.
Businesses should consider securing their network with a multilayer approach. By combining email and web security solutions with endpoint anti-virus, organizations will be more thorough in closing security gaps. Web protection platforms complement email security and endpoint AV by blocking malware at the source and by scanning networks in search of previously undetected malware.
Another thing businesses should consider to protect their system is a cloud-based strategy. This will allow solutions to be updated daily and ensure protection from new threats. Also, by having an online back-up solution, users can roll back all information to before the system was infected, undoing any damage.
Lastly, advanced spam filters can help eliminate your risk of a ransomware or malware attack. Advanced filters can ban email from regions where you are not conducting business, or you can change security settings to block macro-embedded Word documents or Excel files, both common entry points for ransomware.
However, as we know, nothing is foolproof, and at some point you and your business may have to deal with a malicious attack. Because of this, it is important to have a good recovery plan in place to help reduce the time lost while recovering. If your system has been compromised, knowing exactly what needs to be done, how it needs to be done and the timeline in which it needs to be done is imperative.
Here are a few tips to help get you back up and running sooner rather than later:
- Properly segmented networks: Properly segmenting networks and limiting shared drives can make recovering from a malware event much easier. Doing so helps limit the spread of the infection inside a network and protects sensitive data from attackers attempting to pivot inside of the network.
- Backups: Be prepared to wipe a workstation entirely and restore from backups. This is especially urgent in the case of a ransomware infection where the files have been encrypted by the attacker. Make sure you are backing up at proper intervals to ensure minimal data loss. Be sure to test your backups to ensure data integrity and to confirm that what is needed is being captured. You may also want to practice recovering from a backup. This will tell you how much downtime to anticipate and indicate areas where improvement may be made before a real attack.
- Ensure that data is being stored properly: All sensitive customer and company data should be stored, sent, and received using strong encryption. In the event you do suffer a data breach, this will make it much more difficult for the attackers to make use of the stolen data.
- Identify suspicious activity in your DNS logs: It’s always a good idea to do this whether you have been breached or not. You can identify infected endpoints on your network by finding this activity in your DNS logs. In the event of an infection or breach, focus on these logs for finding other potentially compromised endpoints that may have otherwise gone undetected.
- Alternate systems: Have alternate systems available to ensure continuity of operations while recovering.
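
One way to carry out the DNS log review described in the list above, as an added example that is not part of the original article: it flags clients that generate many failed lookups (NXDOMAIN) or many long, random-looking names, two patterns commonly seen from infected endpoints. The log format, thresholds and sample lines are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample lines in an assumed format (not any specific resolver's):
#   <timestamp> <client_ip> <query_name> <query_type> <response_code>
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.0.21 www.example.com A NOERROR
2024-05-01T09:00:02Z 10.0.0.21 customerportal.example.com A NOERROR
2024-05-01T09:00:03Z 10.0.0.21 wwww.example.com A NXDOMAIN
2024-05-01T09:00:04Z 10.0.0.37 xk2q9vbz7rplw4jd.example.net A NXDOMAIN
2024-05-01T09:00:05Z 10.0.0.37 m3tq8zhw1yfc6nks.example.net A NXDOMAIN
2024-05-01T09:00:06Z 10.0.0.37 p7dj2xrv9aqg5wle.example.net A NXDOMAIN
2024-05-01T09:00:07Z 10.0.0.37 h4bz0ukt6ysm3qcn.example.net A NXDOMAIN
"""

def label_entropy(label):
    """Shannon entropy, in bits per character, of one DNS label."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def suspicious_clients(log_text, min_nxdomain=3, min_random_names=3,
                       entropy_threshold=3.5, min_label_len=12):
    """Return {client_ip: [reasons]} for clients worth a closer look."""
    stats = defaultdict(lambda: {"nxdomain": 0, "random_names": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed lines
        _, client, qname, _, rcode = fields
        entry = stats[client]
        if rcode == "NXDOMAIN":
            entry["nxdomain"] += 1
        label = qname.lower().split(".")[0]  # leftmost label only
        if len(label) >= min_label_len and label_entropy(label) >= entropy_threshold:
            entry["random_names"].add(qname.lower())
    flagged = {}
    for client, entry in stats.items():
        reasons = []
        if entry["nxdomain"] >= min_nxdomain:
            reasons.append("many NXDOMAIN responses")
        if len(entry["random_names"]) >= min_random_names:
            reasons.append("many random-looking names")
        if reasons:
            flagged[client] = reasons
    return flagged

if __name__ == "__main__":
    for client, reasons in suspicious_clients(SAMPLE_LOG).items():
        print(client, "->", ", ".join(reasons))
```

The thresholds are starting points to tune against your own baseline; a single mistyped hostname or one long legitimate label, as in the sample lines for 10.0.0.21, should not trip them.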