While putting cybersecurity at the top of your business agenda can go a long way towards preventing cyberattacks, it's almost inevitable that a breach will eventually occur, and knowing what to do when it does can be very important.
SoGlos has compiled top tips from the National Cyber Security Centre (NCSC) that could save your business or organization if the worst happens.
Unplug
If your business or organization experiences a cyberattack that infects it with malware or ransomware, immediately disconnect the infected computer, laptop, or tablet from all network connections (whether wired, wireless, or mobile-based).
Disconnect from the internet
In very severe cases, consider whether you need to turn off your WiFi, disable core network connections including switches, and disconnect from the internet.
Reset credentials
Reset all credentials, including passwords, especially for administrators and other system accounts. However, be careful not to lock yourself out of the systems you need for recovery.
Erase all infected devices
Securely erase the infected device and reinstall the operating system (OS). This will securely erase all data from your hard drive and make it unreadable. Ideally, you should already have a backup system in place.
Double-check before restoring your system
Once you have wiped an infected device as described above, make sure it does not contain malware before restoring from a backup. The NCSC states that you should only restore from a backup if you are sure that both the backup and the device you are connecting it to are clean.
Only reconnect after making sure the network is “clean”
The same applies to all other devices. When downloading, reinstalling, or updating your operating system and any other software, connect only to “clean” networks.
Run antivirus software
Once all of the above is done, don't forget to install, update and run antivirus software on all your devices as well.
Don't rush to reconnect
Reconnect to the network only after performing all the steps above. If you reconnect too soon, you risk reinfecting your system and undoing all your hard work.
Continue to be cautious
Even if you have done all of the above with utmost care, monitor your network traffic and run an antivirus scan to see if the infection remains. It's better to be safe than sorry.
Also keep an eye on the NCSC website. This website has even more advice, including the helpful document “Technical Approaches to Detecting and Remediating Malicious Activities.”