Cyberattack Response Plan – Cybersecurity

The First 24 Hours: Your 7 Step Cyberattack Response Plan

Logging onto your device only to find that you’ve become the latest victim of the current wave of cyberattacks sweeping the country is one of the scariest moments for any internet user. 

When your data is on the line and time is of the essence, it may seem natural to panic, but that’s the last thing you should do. The first 24 hours following an attack is a crucial time window for limiting damage and restoring systems, and you’ll need a plan in place to respond effectively. 

By following the series of steps outlined in this article, you’ll be able to assess the scale of the damage, take proactive steps to mitigate data loss, and hopefully emerge from the cyberattack with all (or at least some) of your data and your company’s reputation intact.

How to React When Hackers Strike

The first thing to do after a cyberattack is to remain calm. Notify management of what has happened and start taking steps to assess and mitigate the damage by following this structured step-by-step incident response plan: Identify, Isolate, Notify & Protect, Analyse, Report, Reset, Protect.

Here’s what you need to do:

1. Identify the Attack

A ransomware attack typically starts with a message from the hackers, stating that your data has been compromised and providing further instructions, such as the ransom amount and how to pay it. 

Whatever you do, don’t even consider following these instructions until you’ve completed the next step.

2. Isolate the Affected Systems ASAP

Your priority following a cyberattack is to isolate the device or network that has been compromised. This means powering down and disconnecting the device from your network without delay. 

These steps may help to slow the spread of malware or ransomware to other devices in your organisation.

3. Notify and Protect Your Network

Alert key personnel such as your IT manager or outsourced networking consultant immediately. Once they are available, convene a “war room” with the IT department, management, and possibly legal and PR advisors to mitigate the potential damage to your network and your company’s reputation.

4. Analyse the Damage

There are several types of damage a cyberattack can cause: 

  • Financial damage from lost data and downtime
  • Damage to your computer network that may take time to restore 
  • Reputational damage that your business may suffer if the cyberattack becomes public knowledge. 

It’s important to realistically assess the worst-case and medium-case scenarios and start fixing the damage as soon as possible.

5. Report the Incident

Cyberattacks must be reported to the Cybersecurity Hub at the national CSIRT as soon as they occur. In cases where fraud is suspected or a large amount of customer data has been leaked, you may also need to report the incident to law enforcement authorities.

6. Reset, Patch, and Update

With the help of a trusted IT professional, reset your computer network, patch the vulnerabilities that allowed the attack to occur in the first place, and update your files with the most recent versions from your secure cloud backup. 

This will help you get your business up and running again. 

7. Post-Attack Security Upgrade

Finally, be sure to remove any malware that hackers may have installed to gain access to your network and prevent similar attacks from taking place weeks or months down the line.

Implement a Total Data Protection Plan

To help ensure that your business is prepared for future cyberattacks, if you don’t already have reliable cloud backup and a secure data protection plan, this would be the time to upgrade your security.

Secure cloud storage, particularly comprehensive encrypted data storage solutions like our Total Data Protection package, will help keep your sensitive files safe in the cloud.

Trust Soteria Cloud to safeguard your valuable data while you focus on your core business. Get Total Data Protection today.


Cyber-incident Response Plan | Cybercrime

How to Build a Cyber-incident Response Plan

No matter how hard you work to prevent data leaks or hacking incidents, the sheer number of these events taking place recently means that your business may have to deal with the reality of being the target of cybercrime in the future.

Like any crisis, it’s what you do in the hours and days following the incident that makes all the difference when it comes to mitigating damage.

A rock-solid cyber-incident response plan can help get your business functioning again after a cyberattack. Here’s how to create one.

The Growing Need for Cyber Security Response

Whenever a crime takes place, a rapid and powerful response is needed – and the same applies to digital crimes.

  • With 98% of companies having been exposed to a cloud data breach in the past 18 months, the need for decisive action in the wake of an online attack has never been greater.
  • Don’t wait until it’s too late to implement an incident response system. By putting a plan together now, your business will be in a strong position to respond in the face of an online security breach.

Here’s What a Good Incident Response Plan Looks Like

There are several components that form part of an effective response plan. Here’s what you need to implement in your business to minimise the effects of a cyberattack.


  • Accountability. Assigning senior staff members and executives to the security response team will ensure that the people with the authority to make decisions are available if and when an attack takes place.
  • Roles and contacts. Knowing exactly who will be responsible for each aspect of the response plan ahead of time will allow you to act swiftly in the event of an attack with the help of your IT department or cybersecurity consultant.
  • Communication methods and Plan Bs. It’s worth noting that communication channels like VoIP and email may be down in the wake of a cyberattack. Traditional communication methods like telephone and text messaging will be crucial in this scenario.
  • Recording the incident. Any good investigation needs to establish what happened, when it began, what departments of the business were affected, and who the possible suspect/s might be. Reporting this information with the help of your IT department will be crucial in the minutes and hours following a cyberattack.
  • Containment, eradication, and recovery. Depending on the scale of the damage caused by a cyberattack, your IT department may decide to watch and wait in order to gain important clues about the attackers, or take measures to contain the damage, including shutting down the company’s entire IT network.

Minimising the damage that a cyberattack can do to your business starts with your IT infrastructure. To find out how secure cloud storage can protect your data, chat with our team today.

Image courtesy of: https://powerslides.com/powerpoint-business/project-management-templates/incident-response-plan/