DEALING WITH AN ATTACK

Would you know what to do in the case of a cyberattack? Most people confess that they wouldn’t, which is why this Cyber Security month, we’ve put together some guidelines you can follow to help you to effectively raise the alarm, manage and contain the breach, and learn from the situation, so you’re better equipped to deal with future breaches, should they occur.

 

STEP ONE

The first step in dealing with a cyber security incident, like any emergency, is to raise the alarm to alert the appropriate professionals, so they can coordinate an appropriate response to the incident. It’s always important to; keep calm, and assess the situation, take screenshots if you’re able to, report the breach to your IT team, take note of any actions you need to follow and don’t forget to inform your own team/department - an important step if you have shared folders.

STEP TWO

Leading on from this, the next step in dealing with a cyber security incident is to manage and contain the breach as best as you can so that it doesn’t escalate further, potentially causing further damage. The precautions we’d advise you to take are to; install any pending security updates or patches, disconnect affected device/s from the internet and disable remote access on affected device/s. Once you’ve followed these steps it’s always a good idea to change passwords and credentials and don’t be tempted to switch off any affected device/s, as doing so could destroy evidence that can help to uncover who the attackers are and what they’ve done.

STEP THREE

Last but not least the final, but arguably most important step in dealing with a cyber security incident is to learn from the situation, so you’re better equipped to deal with future breaches, should they occur. It’s important during this stage to not be too harsh on yourself as attacks can happen to anyone, reflect on what went well and what didn’t and identify areas for improvement; undertake any relevant training and change bad habits to improve security.
 

These steps are essentially what we’d refer to as ‘first aid’ as they will help you to deal with a cyber attack, before the professionals are able to take over and assist. However you should always refer to your Organisation’s Cyber Security policy, as this will help to explain in more detail the specific processes that are in place to protect your organisation, yourself as a member of staff, and the devices you are working from.