Even with the best security in the world, you have to accept that there is a risk of your computer systems being hacked, and this means you need to think about what to do if this does happen. Hackers are relentless in their pursuit of gaining access to places they shouldn’t, and you risk your private business data and confidential customer data being accessed, as well as viruses or malware being placed in your system.
Vigilance is crucial, so here is a three-step guide to recover when you find your business has been hacked:
A sensible approach is to assume the worst and hope for the best, so start by quarantining all computers on a network until you are 100% sure that they are completely clean. Disconnect WiFi through hardware if at all possible to avoid slippery hackers making your computer look like it’s off the network when it’s still connected.
Additionally, turning off the WiFi manually at the router will ensure that nobody is accidentally still connected to the web when they think they have switched off their connection. It may be a belt and braces approach, but sometimes this is required to prevent damage.
Even though it seems that these days never a week goes by without a newspaper report of some major, highly sophisticated hacking attack, the fact is that most hacking attacks are opportunistic and fairly easy to deal with rather than being the products of criminal genius.
You will want to briefly reconnect to the web to make sure that your anti-virus software’s virus definitions are up to date (there is no point searching your machine for baddies when the brand-new virus you have acquired is not yet catered for by your software). Once this is updated, scan every machine and let your anti-virus and anti-malware software identify, quarantine and delete every infection they find.
If the first scan found a lot of infected detritus, you may want to run a second scan once it has finished.
If you’ve isolated your computers quickly, the malware should have had minimal time to spread. However, if a drive is really damaged or belongs to a particularly important machine, then you may want to replace it.
When your members of staff have their PCs returned to them, they should be prompted (ideally in a way they cannot ignore) to change their passwords. You will also want to change the passwords on back-end devices such as web servers.
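One way to make the password prompt impossible to ignore is to expire every staff password so the next login demands a new one. The script below is an added example, not part of the original article. It assumes Linux machines with local accounts, the standard `chage` tool, and human accounts starting at UID 1000. The function names and the sample account list are constructed for illustration.

```shell
#!/bin/sh
# Added example: force a password change at next login for staff accounts.
# Assumptions: Linux hosts, local accounts, chage available, run as root to apply.

UID_MIN=1000   # assumption: human accounts start at UID 1000 (common default)

# Print the login names in a passwd-format file that belong to people:
# UID >= UID_MIN, not the "nobody" account, and a real login shell.
interactive_accounts() {
    awk -F: -v min="$UID_MIN" '
        $3 >= min && $3 != 65534 && $7 !~ /(nologin|false)$/ { print $1 }
    ' "$1"
}

# Print (dry run, the default) or execute the expiry command per account.
# "chage -d 0" resets the last-change date, so the next login is refused
# until the user sets a new password.
expire_passwords() {
    passwd_file=$1
    mode=${2:-dry-run}
    interactive_accounts "$passwd_file" | while read -r user; do
        if [ "$mode" = "apply" ]; then
            chage -d 0 "$user" && echo "expired: $user"
        else
            echo "chage -d 0 $user"
        fi
    done
}

# Constructed sample input (not real accounts).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/zsh
svc_backup:x:1002:1002::/var/backup:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF

expire_passwords "$sample"    # dry run: prints the commands for alice and bob
# On a cleaned machine, as root: expire_passwords /etc/passwd apply
```

Root and service accounts are deliberately skipped here, so change those credentials by hand along with the back-end device passwords.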
There is a distinct possibility that you will find that the security breach was caused by someone not following the correct security policy. This was probably accidental and due to laziness or not knowing the best course of action, rather than someone with malicious intent, so it is probably time to update your staff training on computer safety and security and make sure that everybody who has a login also has a secure password.