How to recover from a cyber attack

October 2nd, 2019

What is a cyber attack?

A cyber attack is any breach to, or hack of, your servers, systems, internet and data storage from an outside party with malicious intent. It includes things such as phishing, installing malware, data theft and ransomware (where access to your data is restricted until you pay a ‘ransom’ for its release).

Attacks by cyber criminals are on the rise, and every business that relies on technology in any way is at risk.

The impact of a hack can be significant – loss of sensitive information, damage to reputation, loss of clients, business downtime and loss of income.

The effects of a cyber attack are unpleasant and distressing. Sometimes they happen through human error or vulnerabilities in security. It’s worth remembering that hackers are increasingly sophisticated when it comes to targeting businesses, especially those companies who can’t afford to invest a lot in their data protection.

If you’ve already been the victim of a cyber-attack, you probably know what’s required, but here is a refresher for you. We’ve also put together some suggestions on how to prevent an attack happening again.

You should always consult with your insurance company, legal advisers and law enforcement (local, national police, or the likes of Action Fraud) to ensure you are not going against the requirements they set for helping you.

If you’re looking for basic steps, here’s what to do.

Initial steps to take after a cyber attack

In the event of a breach or hack, there are some things you need to do immediately to limit the damage to your business:

1. Data isolation and restore

If your data has been deleted or compromised, you need to be able to restore it as quickly as you can.

Depending on where and how your data is stored, this may involve accessing cloud storage, an off-site facility or using tape backup. But before you do this, you should make a copy of the data which has been hacked so that you can carry out forensics on the attack.
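One way to take that copy before restoring, as an added example that is not from the original post: a file-level copy that keeps timestamps and records a SHA-256 manifest, so investigators can later show the evidence has not changed. The function names, the `data/` and `MANIFEST.sha256` layout, and the assumption that the destination is separate, clean storage are all illustrative.

```python
import hashlib
import os
import shutil
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def preserve_evidence(src, dest):
    """Copy src into dest/data, write dest/MANIFEST.sha256, return the manifest."""
    src, dest = Path(src), Path(dest)
    manifest = {}
    for root, _dirs, files in os.walk(src):  # os.walk does not follow directory links
        for name in sorted(files):
            p = Path(root) / name
            if not p.is_symlink():  # links are copied as links, not hashed
                manifest[p.relative_to(src).as_posix()] = sha256_file(p)
    # copy2 keeps modification times, which a forensic timeline depends on
    shutil.copytree(src, dest / "data", copy_function=shutil.copy2, symlinks=True)
    with open(dest / "MANIFEST.sha256", "w") as f:
        for rel, digest in manifest.items():
            f.write(f"{digest}  {rel}\n")
    bad = verify_evidence(dest)  # hashes came from the source; check the copy
    if bad:
        raise RuntimeError(f"copy does not match source: {bad}")
    return manifest

def verify_evidence(dest):
    """Return the files in the evidence copy that are missing or altered."""
    dest = Path(dest)
    bad = []
    for line in (dest / "MANIFEST.sha256").read_text().splitlines():
        digest, rel = line.split("  ", 1)
        target = dest / "data" / rel
        if not target.is_file() or sha256_file(target) != digest:
            bad.append(rel)
    return bad

if __name__ == "__main__":  # usage: python preserve.py <compromised_dir> <evidence_dir>
    import sys
    print(len(preserve_evidence(sys.argv[1], sys.argv[2])), "files preserved")
```

Run `verify_evidence` again whenever the copy is handed over or moved; an empty list means every file still matches the hash recorded at collection time.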

2. Business as usual for staff

Where possible, staff should be supported to work as normal during a breach or system outage. If that’s not doable, there needs to be something in place where they can work offline.

3. Communication channels

Make sure staff can communicate with each other via offline methods – phone, text (so long as their devices are secure) or face to face. You need to keep them informed of how the situation is progressing.

4. Advise clients of situation

If appropriate, let clients know about the cyber-attack. Tell them what you’re doing to resolve the situation, how they can contact you and when you’ll next update them.

Ideally, if you have things under control quickly and client information isn’t compromised, you won’t need to speak to them.

5. Compliance issues

In the event of an attack, is there anyone you need to report the breach to? For instance, if you have contracts with the Ministry of Defence, you would have to let them know. You may also need to consider what steps to take in terms of GDPR regulation.

6. Advise other interested parties

Again, where necessary speak to suppliers if their data has been breached or if there’s going to be a problem with your side of the work. Likewise, if you’re part of a supply chain, you will need to inform either the management team or the IT department.

7. IT support partners

If you work with an external IT company, let them know as soon as possible. A good partner will be able to help you with data restore and getting the business back on track.


Preventing future attacks

Once you’ve dealt with the immediate problem of a cyber-attack, it’s vital that you take action to prevent it happening again.

Here are some things you need to consider:

1. Review your storage

If you can identify the weak point which allowed the hacker to get in, or if data restore takes a long time, you may need to reassess your storage solution.

If you’re using a public, shared cloud facility, look at investing in something more secure and private. If you’re using offsite storage, can you find someone with a faster response time?

2. Invest in a backup and recovery solution

Following on from this, you need to investigate what’s available to have your most recent data backed up and how you can recover it. This post will help you with that.

3. Write a cyber incident report plan

You can read more about this here, but essentially, the plan is a checklist for the steps the IT department should follow if there is a breach or hack.

If you ARE attacked again, you’ll have clear guidelines on how to respond. Make sure it’s available offline too.

4. Perform a cyber security risk assessment

This assesses the risk level of your cyber security systems and what you need to do to protect your information. Working alongside your internal or external IT support team, you need to identify vulnerabilities.

Our blog on the risk assessment goes into more detail, but one of the most important aspects of it is to identify any single point of failure - anything within your system that could cause everything to fail if it breaks or is compromised.

5. Define your disaster recovery strategy

Clear documentation of policies and procedures is key to having an effective prevention plan, and a swift response to minimise the damage if you can’t stop an attack.

The recovery strategy outlines what needs to be done, how and when. Read more here.

6. Business continuity

We’ve talked about the importance of business as usual for your staff and clients, and business continuity needs to be included in your disaster recovery strategy.

An important aspect of this is the recovery time objective (RTO) - how much time is allocated for everything to be back up and running after an incident, so that there is minimum disruption to the company.

7. Invest in external support

If you’ve suffered a significant cyber attack, data has been compromised and recovery time was longer than expected, it may be time to invest in an external IT partner, particularly if you don’t have an internal IT department.

The benefits of working with an IT support company are that they are available 24/7, and can therefore respond quickly to an attack or potential threat. They also have a better understanding and greater expertise when it comes to cyber protection so can advise on how best to manage your risk.

They should also offer their own secure cloud storage, data backup and recovery solutions.

ATG’s 5nines product is trusted by many of our clients, because we guarantee to get them back up and running as soon as possible.

Learn more about our offerings here, and get in touch to discuss what’s best for your business needs.