Cyber-attacks can have serious consequences, including financial losses, damage to reputation, and even loss of life in some cases. As such, it is important for organizations and individuals to take appropriate measures to protect against cyber-attacks.
If you have identified a breach in your IT systems, it is important to take steps to secure the systems and contain the breach as quickly as possible. Consider implementing additional security measures, such as firewalls or intrusion detection systems, to protect the affected systems and prevent further breaches.
Steps to take
Step one – React
- Remove the compromised device/devices from the network
- Identify the compromised device. This may involve looking at network logs or monitoring tools to determine which device is causing problems on the network. Disconnect the device from the network. This can typically be done by unplugging the device from the network or disconnecting it from the wireless network.
- Ensure there are no other intrusions on the network
- Following a breach, the first key step from a technical perspective will be to secure the IT systems to contain the breach and ensure it is not ongoing.
- This could require that the organisation must isolate or suspend a compromised section of its network temporarily or possibly even the entire network.
- Consider how and when the breach was detected, and whether any other systems have been compromised. Organisations should have in place suitable measures to ensure that any network or other intrusions are detected immediately.
Step Two – Investigate
- Discover how the intrusion happened
- Find out how it got reported and how long it took
- Create an investigation report
- An investigation will need to be carried out as to the facts surrounding the breach, its effects and remedial actions are taken.
- It is important to feedback the conclusions from the investigations into the policies and procedures in place and the incident response plan and to ensure that employees are given appropriate notice and training on them.
Step Three – Changes/Lessons Learned
- Decide on any changes required to security
- Educate staff on cybersecurity through training
- It is important to thoroughly review the investigation report to conclude on any security changes required to the network.
- New staff training or a refresher session should be implemented to ensure they are aware of the common cyber-attacks.
Step Four – Implement Changes/Restore Service
- Implement any extra security changes to the network
- Restore service to the organisation Core Assets/Documentation/Technical Documentation/Cyber Essentials 1
- Monitor network
- It is important that any agreed security changes are implemented efficiently to help avoid any further network intrusions.
- The organisation’s service needs to be restored as soon as the network is clear of any intrusions and the extra security measures are in place.
- Any affected data can be restored from backups and removed devices can be connected to the network again once cleansed.
- The network must be monitored over an agreed period to ensure the security changes and staff training has been efficient.
Contact Pisys if you suspect any sign of a cyber-attack on your business.