Since the COVID-19 pandemic there has been a sharp rise in both the number of cyberattacks and the damage they cause. That damage, which has fallen disproportionately on small and mid-sized businesses, is now a top-of-mind concern for any organization that values its long-term stability and profitability.
While there’s been a lot of advice out on the Internet about the danger of cyberattack and the steps that businesses in Ohio can take to defend themselves before an attack occurs, there’s much less written on what practical steps an employee should take immediately after they’ve been struck by such an attack.
Here are the steps that we advise our clients to take to determine if they are truly a victim of a cyberattack, then contain that damage before it does serious harm to their organization.
How Do I Know I’m a Victim of Cyberattack?
The first challenge is knowing whether you are experiencing a cyberattack at all. Attackers go to great lengths to hide their tracks, so it can be difficult for untrained employees to spot the signs of an intrusion.
Spotting Ransomware
One of the only good things we can say about ransomware is that at least you know when you have it. A ransomware infection announces itself with a message telling you that you have been attacked and laying out how to (supposedly) recover your systems. Keep in mind that by the time that note appears the encryption is already finished, and modern ransomware crews typically copy data out of the network before encrypting it, so the note marks the end of the attack, not its beginning.
Cybersecurity training can help staff stop those attacks from happening, by spotting the phishing attacks that normally precede a ransomware infection, but that’s a topic for a different article.
The Signs of Other Malware or Cyberattack
But beyond ransomware there are many other types of malware, and each has its own way of damaging your systems and stealing your data. Here are some common signs that a computer has been infected. None of them is proof on its own; what matters is a symptom you cannot explain, especially several of them at once:
- Blue Screen of Death (BSOD). A complete crash can be caused by incompatible software or faulty RAM or other hardware, but it can also be caused by a kernel-mode component of malware, such as a malicious or badly written driver, destabilizing Windows. A single crash proves nothing; repeated crashes that coincide with the other signs below should be reported.
- Unusual computer behavior. Has your screen saver changed by itself? Has the taskbar hidden itself, or has the system date suddenly changed? Settings that change without you touching them are red flags that a serious form of malware, such as a rootkit, may have taken hold.
- Network connectivity issues. When the network is intermittent or does not work consistently, it can mean malware is consuming your bandwidth, for example by scanning other machines or uploading stolen data, leaving other programs unable to function normally.
- Slow computer performance. Slow computers have many causes, so this is not a definitive sign, but a PC that is chronically slow and does not improve after a reboot is a common indicator of infection.
- Programs opening and running automatically. Applications that behave erratically or open themselves can indicate malware, or that a malicious macro has been added to a Word or Excel document or another application.
- Irregular web browser performance. If a browser suddenly becomes slow, it could be something as benign as adware that you can remove without much work. It could also be something more serious like a worm, which spreads by copying itself to other machines on the network and overloads system resources as it does so.
Addressing and Containing a Newly Discovered Cyberattack
If you notice any of the signs above or feel confident you’re the victim of a cyberattack for any other reason, then it’s time to take some mitigating steps.
First: Disconnect the Device from the Network
Any device that you think is under attack should be removed from the company network immediately, by unplugging the Ethernet cable or turning off Wi-Fi. Don't be timid here: if you get a notification or a clear indication that you've been struck, pull the cord just to be safe. You can always reconnect later. Disconnect, but do not power the machine off unless IT tells you to; the contents of memory, which your IT or forensics team will want to capture, are lost the moment it shuts down.
Second: Notify Your Managers/IT Department
You must communicate to your staff the importance of not allowing feelings of shame or embarrassment to overcome the need to take the correct action. Organizations that cover up or delay their response to an attack will almost certainly amplify the damage of the cyberattack. Failure to address the issue early on could also cause large regulatory compliance penalties.
Third: Change Your Passwords
Once the system you suspect is infected has been disconnected from the network, the user of that machine should change their passwords for work-related devices and programs. Do this from a different, known-clean device, not from the infected one: anything typed on a compromised machine may be captured again. If an attacker or a piece of malware has obtained your credentials on one machine, there is a very good chance they have used them to reach other systems, so reused or shared passwords must be changed everywhere they are used, and multi-factor authentication should be enabled where it is not already on.
Fourth: Collect Information About the Event
Start with a basic timeline of what happened and when. Record the time frames, what you were doing when you noticed the problem, exactly what you saw (message text, file names, pop-ups), and how it affected your system. This is essential information your IT team will use to understand the scope of the incident.
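The script below is an added example, not part of the original article or anything from Astute Technology Management. It turns the "collect information" step into something an employee can run on the suspect Windows workstation before it is shut down, and it also checks for the signs listed earlier (auto-starting programs, established network connections, recently changed files). The output folder, the timeline questions and the -Isolate switch are assumptions chosen for illustration; pulling the cable by hand remains the simplest way to isolate the machine.

```powershell
# Added example (not from the original article): first-responder triage snapshot for a Windows PC.
# Run from a PowerShell prompt on the suspect machine. Captures volatile state first,
# then records the user's timeline answers. Everything is written to $OutDir (assumed default:
# a timestamped folder on the Desktop; pass -OutDir to point at a USB drive instead).
param(
    [string]$OutDir = (Join-Path $env:USERPROFILE "Desktop\triage-$(Get-Date -Format 'yyyyMMdd-HHmmss')"),
    [switch]$Isolate   # also disable every network adapter; needs an elevated prompt
)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$log = Join-Path $OutDir "timeline.txt"

function Note([string]$Text) {
    # Stamp every line in UTC so IT can correlate it with server and firewall logs.
    $line = "$((Get-Date).ToUniversalTime().ToString('u'))  $Text"
    Add-Content -Path $log -Value $line
    Write-Host $line
}

Note "Triage started on $env:COMPUTERNAME by $env:USERNAME"

# Volatile state: collect this BEFORE isolating or rebooting, because it disappears on shutdown.
Get-NetIPAddress | Select-Object InterfaceAlias, IPAddress |
    Export-Csv (Join-Path $OutDir "ipconfig.csv") -NoTypeInformation
Get-NetTCPConnection -State Established |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, OwningProcess |
    Export-Csv (Join-Path $OutDir "connections.csv") -NoTypeInformation
Get-Process -ErrorAction SilentlyContinue | Select-Object Id, ProcessName, Path, StartTime, CPU |
    Export-Csv (Join-Path $OutDir "processes.csv") -NoTypeInformation

# Persistence: the "programs opening by themselves" sign usually has an entry here.
Get-CimInstance Win32_StartupCommand | Select-Object Name, Command, Location, User |
    Export-Csv (Join-Path $OutDir "startup.csv") -NoTypeInformation
Get-ScheduledTask | Where-Object State -ne 'Disabled' | Select-Object TaskName, TaskPath, State |
    Export-Csv (Join-Path $OutDir "tasks.csv") -NoTypeInformation

# Files changed in the last 24 hours under the profile: ransom notes and dropped payloads show up here.
Get-ChildItem $env:USERPROFILE -Recurse -Depth 4 -File -ErrorAction SilentlyContinue |
    Where-Object LastWriteTime -gt (Get-Date).AddHours(-24) |
    Select-Object FullName, LastWriteTime, Length |
    Export-Csv (Join-Path $OutDir "recent-files.csv") -NoTypeInformation
Note "Volatile state exported to $OutDir"

if ($Isolate) {
    # Software equivalent of pulling the cable; the machine stays powered on so memory is preserved.
    Get-NetAdapter | Where-Object Status -eq 'Up' | Disable-NetAdapter -Confirm:$false
    Note "All network adapters disabled"
}

# Timeline: the questions the article asks, answered in the user's own words while they are fresh.
$questions = @(
    "What were you doing when you first noticed something wrong?",
    "What exactly did you see (message text, file names, pop-ups)?",
    "When did it start, as precisely as you can say?",
    "What did you click, open or download in the last day?"
)
foreach ($q in $questions) {
    Note "$q -> $(Read-Host $q)"
}
Note "Triage finished. Hand this folder to IT and do not delete anything on this machine."
```

Run it as `.\triage.ps1` (or `.\triage.ps1 -OutDir E:\triage -Isolate` from an elevated prompt to write to a USB stick and cut the network in the same step). The order is deliberate: network connections and processes are captured before isolation, because disconnecting the machine closes the very connections that tell IT where the malware was talking to.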
Fifth (Optional): Reach Out to Legal Counsel
Does your organization handle personally identifiable information (PII) that’s regulated by HIPAA, FINRA/SEC, PCI-DSS, or other regulatory compliance standards? If so, then you may want to reach out to a lawyer who has experience in the matter, so they can help you navigate the reporting process and minimize your compliance fines.
Did you know that Microsoft has reported that enabling multi-factor authentication blocks more than 99.9% of automated account-compromise attempts?
The Things You Definitely Should Not Do After a Cyberattack
While your organization should be prepared to respond to a cyber incident, that doesn’t mean you need to panic either. In the heat of the moment, employees may make rash decisions which ultimately undermine their ability to properly deal with the threat. Here’s the list:
- Don’t treat every incident as a crisis. Stay calm until you understand the full scale of the attack and your risk exposure.
- Don’t announce the intrusion to customers or regulators before you have gathered as much information about the event as you can. Gathering facts is not the same as delaying: many regulations set fixed notification deadlines, and your legal counsel should track those from the moment the incident is discovered.
- Don’t ever communicate with the threat actors directly. Any contact, including replying to a ransom note, is a decision for your incident response team and legal counsel, not an individual employee.
- Don’t delete communications such as emails or text messages that you suspect played a role in the attack. That information will be crucial to the forensic process.
Start Safe with Proactive Cyber Defenses
It’s important that your staff know how to react to the early signs of a cyberattack, but preparedness doesn’t mean you can neglect your cyber defenses. A strong, proactive defense is the best way to lower the risk of intrusion, and contain the damage of a successful cyberattack.
Thank you to our friends at Astute Technology Management for providing this valuable information.