Mindaro | Finally, insurance made simple!
March 15, 2022

A step-by-step guide on what to do after a cyber incident has been discovered

Denis Senchishev

Co-Founder & COO | Mindaro


Not being able to work due to a hacked network is bad enough, but it can get even worse if the attackers get a strong hold on your company’s network due to poor management.

A cyberattack can prove to be devastating for a small company. As a matter of fact, 60% of small companies end up going out of business within a few months of becoming a victim of a cyberattack.

To be able to minimize the negative effects of a cyberattack, it is very important to have control over the situation and to act quickly. This is only possible if you have knowledge of what steps to take when such an event takes place.

In this article, I will be going over all the steps you can take to minimize the damage done to your business once a cyber incident has been discovered.

Step 1

Disconnect Everything

Once all your devices have been isolated, it is time for your cyber security team to check each device individually. This will let you know how serious the damage was and if you will be needing help from cyber security experts to clear up the mess.
If a cyberattack infects just a few computers, then it can be relatively easy to get rid of the infected devices and get back on track. However, if your company network gets infected, then it can be very tough and time-consuming to get rid of the virus from the network.

Step 2

Identify the Infected Devices

As a firm that is thinking about hiring a third-party contractor, you must have a security policy in place before you authorise their access to your company’s equipment.
You should require your contractors to have their equipment scanned by security software of your choice. This will ensure that you can catch any malware before it even gets close to your systems.

Step 3

Identify the Type of Infection

So, after having followed through with the second step, you will have an idea of how serious the infection is. The next step is to identify the kind of virus you are dealing with. Depending on the nature of the attack, this can get a little complicated. Some attacks are easier to identify than others: if your firm was attacked by ransomware, then your attackers will try to make contact with you directly to extort money.
However, other forms of infection, like spyware, can be much harder to detect if they are well-developed. Simpler forms of malware can be detected by security software, whereas more complex malware can only really be taken care of with the help of experts.

Step 4

Notify Relevant Authorities

Now that you know what type of infection you are dealing with, it is time to notify the authorities. Not only can they help you in finding the attackers, but it is also important to let the authorities know that your systems have been compromised.
In the case of a data breach incident, it is required by law in some states to notify the public about the incident.
In a data breach, the sensitive data of individuals gets stolen and the victims are left vulnerable to attack. Identifying the victims of the data breach allows them to be prepared against an attack or protect themselves from identity theft.

Step 5

Change Passwords/Drives

Once your company systems have been compromised, it is only sensible to change all your passwords as there’s a pretty good chance that they have been stolen too.
The last thing you would want after a hectic cleanup operation is to just get attacked again because you missed the simple process of changing passwords to your company devices/software.

You can read more about setting strong passwords in this article.

If the storage devices of your systems have been affected, then the only safe way to get back to work is to get rid of them altogether. Depending on how competent your attackers were, they could have compromised the drives in the hopes that you will reuse them.

Step 6

Don’t Rush

Unfortunately, you just have to put up with the downtime that comes as a result of a cyberattack. Of course, you would really want to get back to work the next day, but it just may not be possible or safe to do so.
What matters more than opening up as fast as possible is ensuring that your systems are free of any viruses. Rushing to open up may not leave enough time for you to do a proper cleanup and can land you in greater trouble than you started with.
So, just let your team of cybersecurity experts clean up the mess while you identify what caused the breach to occur in the first place. Knowing the source of the incident will allow you to avoid repeating the same mistake.
