If you suspected your business was compromised by a cyber attacker, what would you do first to find help? If your first thought is to search online, what would your keywords be in the search?
We encounter this all the time and would like to offer some concrete suggestions.
First, contact a local IT firm that specializes in cybersecurity rather than a local break-fix shop. Usually you will be searching for Managed Service Providers (MSPs). MSPs are better suited to understand the situation and have the tools readily available to assist you.
With any compromise, there are two immediate goals: identify the ingress point and sever the attacker's access. This process includes looking at your network equipment, servers, and computing endpoints.
Once the entry point has been determined and blocked, it's time to complete a network forensics review. During this review, each machine is run through several virus and malware scans. In addition, we use a threat hunting service that can detect current and past malware footholds.
An often-overlooked part of the process is reviewing the firewall and server configuration to ensure no external access is permitted to internal systems. Eight out of ten times the main ingress point is a firewall rule allowing access to an internal server or other computing resource.
A common error is getting a compromised server cleaned and then putting it back into service too soon. Checking the network-level rules before placing servers back in operation is a best practice that avoids further downtime or re-infection.
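One way to do that network-level check before a server goes back online, as an added example that is not the post's own tooling: it reads an exported rule list (modelled here as dicts, with a constructed sample; the field names and the remote-access port list are assumptions) and flags inbound allow rules that let external sources reach internal addresses, rating remote-access ports highest.

```python
"""Flag firewall rules that let outside sources reach internal hosts.
Added example, not the post's tooling; field names, the port list and the
sample rules below are assumptions/constructed for illustration."""
import ipaddress

# Services that should only be reachable over the VPN (assumption).
REMOTE_ACCESS_PORTS = {3389: "RDP", 22: "SSH", 5900: "VNC", 445: "SMB"}
# RFC 1918 ranges stand in for "internal"; add your own routed ranges.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _net(addr):
    """'any' means the whole IPv4 space; bare hosts become /32 networks."""
    return ipaddress.ip_network("0.0.0.0/0" if addr.lower() == "any" else addr,
                                strict=False)

def is_external_source(src):
    """A source not wholly inside a private range is treated as external."""
    return not any(_net(src).subnet_of(p) for p in PRIVATE_NETS)

def reaches_internal(dst):
    """A destination overlapping a private range can expose internal hosts."""
    return any(_net(dst).overlaps(p) for p in PRIVATE_NETS)

def audit_rules(rules):
    """Return one finding per inbound 'allow' from outside to inside.
    Remote-access ports are 'high'; anything else is 'review'."""
    findings = []
    for r in rules:
        if r["action"] != "allow" or r["direction"] != "inbound":
            continue  # deny rules and outbound rules are not ingress paths
        if not (is_external_source(r["src"]) and reaches_internal(r["dst"])):
            continue  # e.g. RDP allowed only from the VPN subnet is fine
        svc = REMOTE_ACCESS_PORTS.get(r["dport"])
        findings.append({"rule": r["name"], "dst": r["dst"], "dport": r["dport"],
                         "service": svc, "severity": "high" if svc else "review"})
    return findings

# Constructed sample export: an exposed RDP rule, a web rule to confirm,
# RDP restricted to the VPN subnet, and an explicit deny.
SAMPLE_RULES = [
    {"name": "rdp-in", "action": "allow", "direction": "inbound", "src": "any", "dst": "192.168.10.5", "dport": 3389},
    {"name": "web-in", "action": "allow", "direction": "inbound", "src": "0.0.0.0/0", "dst": "192.168.10.20", "dport": 443},
    {"name": "vpn-rdp", "action": "allow", "direction": "inbound", "src": "10.8.0.0/24", "dst": "192.168.10.5", "dport": 3389},
    {"name": "block-smb", "action": "deny", "direction": "inbound", "src": "any", "dst": "192.168.10.5", "dport": 445},
]

if __name__ == "__main__":
    for f in audit_rules(SAMPLE_RULES):
        print(f"[{f['severity']}] {f['rule']}: {f['dst']}:{f['dport']} ({f['service'] or 'other'})")
```

Run it against your own firewall's exported rules after converting them to the same fields; only the "rdp-in" and "web-in" sample rules are reported, since the VPN-scoped RDP rule and the deny are not ingress paths.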
Ensure that all of your computing devices have next-generation anti-virus solutions. Have an enterprise-class router with active security services. Always use a VPN to access internal systems from outside, rather than Remote Desktop Connections or other similar software, especially when dealing with PII or your own financial data.
Double-check your backup policy and data retention rules. Test your backups with a fire drill at least quarterly. Use a company, like us, that offers fully managed backup with human monitoring.
With a few simple steps, you can improve your security posture, mitigate your risks, and recover faster from an attack.