Responding to a Network Attack

When you experience a higher number of pop-up windows than usual, a slower processing speed or passwords being changed without authorization, you might think that it is just a system error, but these are all tell-tale signs that you have been hacked. It can happen to anyone. Below are steps you can take to respond quickly and recover from a network attack:

#1 Verify an Attack Has Taken Place

Begin researching to verify that an attack did occur. Find out what systems may have been hacked, what IP address the hacker used and the method of attack, whether it was a phishing page, virus or other malware. Your router and firewall should have diagnostic tools available to help find out where the attack originated. You should also consult your IT team or any third-party vendors that you use. If necessary, you can hire a network security professional.

#2 Contain any Damage While Preserving Business Assets

Your first response might be to move your entire network offline. However, this kind of rash decision has further negative consequences, ceasing company operations and possibly damaging client relationships. Responding appropriately means isolating the impacted applications and taking down only the servers or computers hosting them. While researching your issue, try to take as few parts of your network offline as possible.

To figure out exactly what damage has occurred, compare the configuration settings currently displayed against the settings from the last stable system backup.

Deleting any content that a hacker may have posted and removing malware from your systems is a given; but make sure to preserve evidence that your network was attacked. This will make it easier to build a legal case against those who attacked your organization’s network.
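
One way to carry out the comparison against the last stable backup and record what changed before anything is cleaned up, as an added example that is not part of the original article. The directory layout, file names and sample contents are constructed for illustration, and the function names are hypothetical:

```python
import hashlib
import tempfile
from pathlib import Path

def hash_tree(root):
    """Map each regular file under root (relative path) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file() and not p.is_symlink()}

def compare_to_backup(backup_root, current_root):
    """Classify files as added, removed or modified since the backup."""
    backup, current = hash_tree(backup_root), hash_tree(current_root)
    return {
        "added": sorted(set(current) - set(backup)),
        "removed": sorted(set(backup) - set(current)),
        "modified": sorted(p for p in set(backup) & set(current)
                           if backup[p] != current[p]),
    }

def evidence_manifest(current_root, report):
    """Hash lines for new or changed files, recorded before any cleanup."""
    current = hash_tree(current_root)
    return [f"{current[p]}  {p}" for p in report["added"] + report["modified"]]

def build_sample(base):
    """Constructed sample: a backup tree and a live tree that has drifted."""
    backup, live = Path(base) / "backup", Path(base) / "live"
    for root in (backup, live):
        (root / "ssh").mkdir(parents=True)
        (root / "ssh" / "sshd_config").write_bytes(b"PermitRootLogin no\n")
        (root / "hosts").write_bytes(b"127.0.0.1 localhost\n")
    (live / "ssh" / "sshd_config").write_bytes(b"PermitRootLogin yes\n")
    (live / "cron_job").write_bytes(b"unexpected entry\n")
    (backup / "motd").write_bytes(b"welcome\n")
    return backup, live

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = build_sample(tmp)
        report = compare_to_backup(backup, live)
        return report, evidence_manifest(live, report)

if __name__ == "__main__":
    report, manifest = demo()
    print(report, *manifest, sep="\n")
```

Run it against read-only copies of the configuration and store the manifest away from the affected machine, so the record survives the cleanup.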

#3 Decide Whether to Make a Public Statement

It may be necessary to inform the public about the attack that has occurred if any of their information was compromised. If your organization is working with a government agency, it will most likely be necessary to inform them of a security breach. Consulting a legal team will give you proper guidance in these matters.

#4 Clean Up and Restore the Impacted Systems

If you had a far-reaching attack, it will be necessary to prioritize which servers and computers you clean first, starting with the most critical components of your business. Change all passwords across your organization, even on machines that weren’t impacted by the attack. Restore affected systems to their default settings.

#5 Close the Network Gap and Increase Security

Once you have determined the method of entry, make sure you add proper security measures to eliminate any vulnerability. Afterward, increase security across your network and update all software to the most current version.
