“I’ve been hacked! What do I do now?” This is a question you never want to ask yourself, but someday you might have to. Hacks are becoming more and more of an everyday occurrence. What does it mean to be ‘hacked,’ though, and what should a business do after it happens?
‘Being hacked’ comes in many forms. The term is a catch-all that covers many different attack vectors, including:
- Having data stolen
- Having your website taken over
- Being infected by a cryptovirus
- Having an intruder snooping around your network
- Etc.
While it’s impossible to cover, within this article, every response a business should take after being hacked, we can discuss some basic strategies to consider.
Identify How You Have Been Hacked
This may seem like such a ‘duh’ statement, but sometimes the answer isn’t always obvious. Do you have a cryptovirus spreading through your network? Was your website taken over? If you had data stolen, what was taken?
Accurately identifying the issue will help develop the solution. Each of these hacks listed can have very different diagnostics and remediation methods. Fully understanding what is happening within your IT infrastructure will help develop those solutions.
Create and Implement a Mitigation Plan
Here’s where the process starts to get tricky. After a business identifies precisely what happened, it needs to develop a plan to mitigate any further damage, and that plan needs to be implemented quickly so the damage doesn’t spread. Aside from preventing further damage, the business also needs to ensure evidence isn’t destroyed. That evidence will be required both for filing police reports, if required, and for the analysis that produces future mitigation steps.
Many hacks could be considered what’s known as an advanced persistent threat. This is what happened to Sony in their hack years ago. Sony had intruders walking through their network for four years before they realized they had an issue. Sony had everything from trade secrets, to employee information, to games and movies stolen from them.
Crypto viruses, also known as ransomware, are now a popular attack method. They are designed to extort businesses. One of the reasons crypto viruses are such potent attacks is that they hop from PC to PC and server to server by themselves. Crypto viruses then attempt to encrypt important files on each of these systems. The more data a cryptovirus can encrypt throughout the network, the more devastating the attack becomes.
Identify How the Hack Occurred
Now comes the arduous work. After the threat has been neutralized, the business must identify how the attack occurred. How did an intruder break into the network? How did a cryptovirus sneak its way in?
Unfortunately, answering this question can sometimes be impossible. Though it’s always best to know exactly what happened, sometimes businesses must rely on theories. Trained professionals and cybersecurity experts can develop very accurate ideas on how an attack occurred and what the most likely attack vectors were. Businesses will need to know this to create a strategy to prevent another attack from happening.
Implement a Solution
The hack has been mitigated, and the business now has a pretty good idea of how it happened. So, what’s next? Now the company needs to start fixing things so this doesn’t happen again.
Solutions can come in all shapes and sizes. This is why all of those previous steps are so important. It helps to understand the entire situation, identify the stakeholders, and create an effective solution.
For instance, if a cryptovirus hit your business, that virus most likely entered the network through social engineering. Someone probably tricked an employee into downloading a file. That file launched the cryptovirus on their computer.
Once on the computer, that virus started encrypting all the essential files on that employee’s drive. While it started this process, the virus found other vulnerable PCs and storage drives on the network and spread.
The solution for a cryptovirus is complex and will require multiple steps. Here’s a broad overview of some of them:
- Wipe and restore any affected machines. It’s better to wipe a device altogether and start from scratch. Some viruses will go dormant and emerge again later.
- Perform social engineering audits on employees. This will identify which employees may need extra training. Ongoing training for all employees will also need to be provided.
- Ensure backups are working and were not affected. Surprisingly, many businesses don’t invest in backup solutions. This is a mistake. Backup solutions don’t have to be pricey, but not having one when it’s needed can be a very costly mistake.
- Test backups. Just because a business has a backup doesn’t mean it will work properly. They need to be tested regularly.
- A security audit of all PC configurations must be performed. The original crypto viruses depended on SMB 1.0 to spread. Making sure protocols like this are turned off when they aren’t needed, and making sure user account permissions are correctly set, will go a long way towards preventing a cryptovirus from striking. Correctly configured PCs and properly set user account permissions can prevent more viruses than most anti-virus software can.
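The audit, backup-test and SMB 1.0 steps above can be scripted. The following is an added example, not code from the original article, written for an elevated PowerShell session on Windows 10 / Server 2016 or later, where the `SmbShare` and `Microsoft.PowerShell.LocalAccounts` modules ship with the OS. The approved-administrator list and the sample folder paths in the usage lines are constructed placeholders; adjust them to your environment.

```powershell
# Added example (not from the original article): read-only audit of the PC
# configuration points the article lists, plus a restore test for backups.
# Assumes an elevated session on Windows 10 / Server 2016+.

function Get-Smb1Status {
    # SMB 1.0 can be switched on in two places: the optional Windows feature
    # and the SMB server setting. Report both so neither is overlooked.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $server  = Get-SmbServerConfiguration
    $featureOff = ($null -eq $feature) -or ($feature.State -ne 'Enabled')
    [pscustomobject]@{
        FeatureState      = if ($feature) { $feature.State } else { 'NotPresent' }
        ServerSmb1Enabled = $server.EnableSMB1Protocol
        Compliant         = $featureOff -and (-not $server.EnableSMB1Protocol)
    }
}

function Disable-Smb1 {
    # Remediation: turn off the server-side protocol and remove the feature.
    # Run only after Get-Smb1Status shows SMB1 is on and nothing depends on it.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
}

function Get-LocalAdminReport {
    # Constructed allow-list (assumption): which accounts are expected to be local admins.
    param([string[]]$Approved = @('Administrator', 'Domain Admins'))
    # Every unexpected member is a user whose compromised token could spread
    # ransomware across the machine; flag it for review.
    Get-LocalGroupMember -Group 'Administrators' | ForEach-Object {
        $shortName = ($_.Name -split '\\')[-1]
        [pscustomobject]@{
            Member   = $_.Name
            Class    = $_.ObjectClass
            Approved = $Approved -contains $shortName
        }
    }
}

function Test-BackupRestore {
    param(
        [Parameter(Mandatory)][string]$SourceDir,   # live data
        [Parameter(Mandatory)][string]$RestoredDir  # a test restore of the latest backup
    )
    # A backup only counts if a restored copy matches byte-for-byte. Compare the
    # SHA-256 hash of every file under the source with its restored counterpart.
    # 'Mismatch' on many files is also how you notice a backup that was itself
    # encrypted before the ransomware was spotted.
    $prefixLength = $SourceDir.TrimEnd('\').Length + 1
    foreach ($file in Get-ChildItem -Path $SourceDir -File -Recurse) {
        $relative = $file.FullName.Substring($prefixLength)
        $restored = Join-Path $RestoredDir $relative
        $status = if (-not (Test-Path $restored)) {
            'Missing'
        } elseif ((Get-FileHash $file.FullName -Algorithm SHA256).Hash -eq
                  (Get-FileHash $restored -Algorithm SHA256).Hash) {
            'Match'
        } else {
            'Mismatch'
        }
        [pscustomobject]@{ File = $relative; Status = $status }
    }
}

# Usage: audit first, remediate deliberately.
Get-Smb1Status | Format-List
Get-LocalAdminReport | Where-Object { -not $_.Approved } | Format-Table -AutoSize
# Constructed paths (assumption): point these at a real share and a test restore of it.
# Test-BackupRestore -SourceDir 'D:\Shares\Finance' -RestoredDir 'E:\RestoreTest\Finance' |
#     Group-Object Status | Select-Object Name, Count
```

The script deliberately separates reporting (`Get-Smb1Status`, `Get-LocalAdminReport`, `Test-BackupRestore`) from change (`Disable-Smb1`), so the audit can be run on every PC without side effects and the remediation applied once the report confirms the protocol is on and no legacy device still needs it. Run `Test-BackupRestore` on a schedule, not just once: a backup job that silently stopped copying files shows up as `Missing`, and a backup that captured already-encrypted data shows up as `Mismatch`.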
This plan will change drastically, depending on the type of hack that occurred. Creating mitigation and remediation plans is a complex subject. It’s best to seek outside help to analyze the hack and figure out how to resolve it when one occurs. Better yet, start planning for that eventual hack now. Planning before the hack happens can help prevent it from ever occurring in the first place.
For more information about what you can do before/after you are hacked, please send us a message or call 480-493-5999 today!