So, I’m Hacked. What Now? A Short Guide for SMEs In the Digital Age.
Guest post by cyber security consulting firm Pragma Strategy
If you speak to anyone about cybersecurity, chances are you will be advised to take a proactive approach. That means putting in place all the necessary security measures to anticipate and reduce the likelihood of an attack. However, most businesses, especially SMEs, tend to deal with cybersecurity reactively - it's not discussed until an attack happens. The biggest problem here is that these businesses do not have adequate processes or plans for a cyber attack.
First, what is a cyber attack?
A cyber attack is an illegal activity where a computer system, application, or network is attacked with the intention of stealing, destroying, or sharing digital assets.
Since 43% of cyber attacks were targeted at SMEs in the past year, business owners and IT heads need to be prepared for one. This article explains the signs of a cyber attack and the initial containment steps you can take to reduce the impact.
Signs of a breach
The first sign that your systems are under attack is unusual activity on them.
Maybe a server has been slowing down recently, or you’ve noticed emails going out to clients that you don’t remember sending. Those are warning signs that someone else is using your systems, and they should be checked.
You may also notice increased logging activity or activity outside of regular working hours if you have monitoring tools set up.
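As an added illustration (not part of the original guest post), the sketch below shows how the two signals just mentioned can be checked against exported sign-in records: activity outside working hours, and a sudden jump in a user's daily log volume. The log format, the working-hours window and the spike threshold are all assumptions, and the sample records are constructed.

```python
from collections import Counter
from datetime import datetime
from statistics import median

# Constructed sample sign-in records (timestamp, user); not real data.
SAMPLE_LOG = """\
2024-03-04T09:12:00 alice
2024-03-04T10:05:00 bob
2024-03-04T14:40:00 alice
2024-03-05T09:01:00 alice
2024-03-05T11:30:00 bob
2024-03-06T02:47:00 bob
2024-03-06T02:49:00 bob
2024-03-06T02:50:00 bob
2024-03-06T02:51:00 bob
2024-03-06T02:55:00 bob
2024-03-06T02:58:00 bob
2024-03-06T09:03:00 alice
"""
WORK_START, WORK_END = 8, 18  # assumed working hours: 08:00-18:00, Mon-Fri
SPIKE_FACTOR = 3              # assumed: flag a day with 3x the user's median volume

def parse(log_text):
    """Return (datetime, user) pairs, skipping malformed lines."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        try:
            events.append((datetime.fromisoformat(parts[0]), parts[1]))
        except (IndexError, ValueError):
            continue
    return events

def after_hours(events):
    """Events at weekends or outside the working-hours window."""
    return [(ts, user) for ts, user in events
            if ts.weekday() >= 5 or not WORK_START <= ts.hour < WORK_END]

def volume_spikes(events):
    """(user, day, count) where a day's count is SPIKE_FACTOR x the user's median day."""
    per_day = Counter((user, ts.date()) for ts, user in events)
    spikes = []
    for (user, day), count in sorted(per_day.items()):
        typical = median(c for (u, _), c in per_day.items() if u == user)
        if count >= SPIKE_FACTOR * typical:
            spikes.append((user, day, count))
    return spikes

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    print("after hours:", after_hours(events))
    print("volume spikes:", volume_spikes(events))
```

A user whose only recorded day is the spike itself will not be flagged by the median comparison, so the after-hours check remains the primary signal for new or rarely used accounts.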
Some businesses may also receive complaints from customers receiving unsolicited communications or even invoices being sent with unusual banking info.
Having your staff understand that they are part of your organisation’s security is also essential, as even the best security systems are only as good as how you use them.
So, you’ve checked your systems, and you’ve found signs of a hacker. What do you do?
The first thing to do is isolate your systems from the internet, as this is usually the best way to cut off the hackers from your system. This is because the hackers will want to maintain a connection to sneak around your systems, look for valuable data, and take remote control of your machines.
Once you’ve disconnected your systems, remember NOT to turn them off unless you see something very destructive going on. Most hackers WANT you to shut your PC down because it removes some crucial signs of their activity from your system—kind of like how waves wash away footprints in the beach sand.
The final step to your first reaction is to check your backup systems. You should isolate your backups from the rest of your system to protect them.
Now, if you’ve discovered suspicious signs in your online services and accounts like Office 365, accounting software, cloud storage, or emails, it’s time to lock things down. Have an IT admin log everyone out of all devices, then initiate a password reset. The tricky part comes next, as you’ll have to get all your users to log into their everyday work devices right away and change their passwords to something secure.
If you leave too big a gap between your reset and a new login, it may allow the hackers to simply do the reset themselves and continue hijacking the account!
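To keep that gap visible during a lockdown, an admin can track which reset accounts have been reclaimed by their owners. The following is an added example, not part of the original guest post: it classifies each reset account by whether the first password change came promptly and from the user's everyday work device. The 30-minute window, device names and event records are constructed assumptions.

```python
from datetime import datetime, timedelta

MAX_GAP = timedelta(minutes=30)  # assumed acceptable reset-to-change window

# Constructed data: each user's everyday work device.
KNOWN_DEVICE = {"alice": "LAPTOP-A1", "bob": "LAPTOP-B2",
                "carol": "LAPTOP-C3", "dave": "LAPTOP-D4"}
# Constructed data: when the admin signed each user out and forced a reset.
RESET_AT = {user: datetime(2024, 3, 6, 10, 0) for user in KNOWN_DEVICE}
# Constructed data: password-change events (time, user, device) seen afterwards.
CHANGES = [
    (datetime(2024, 3, 6, 10, 5), "alice", "LAPTOP-A1"),
    (datetime(2024, 3, 6, 10, 12), "bob", "UNKNOWN-7F"),
    (datetime(2024, 3, 6, 11, 20), "carol", "LAPTOP-C3"),
]

def review_resets(reset_at, changes, known_device, now):
    """Classify every reset account by how its first password change went."""
    first_change = {}
    for ts, user, device in sorted(changes):
        # Only the first change at or after the reset matters for each user.
        if user in reset_at and ts >= reset_at[user]:
            first_change.setdefault(user, (ts, device))
    report = {}
    for user, reset_ts in reset_at.items():
        if user not in first_change:
            # Nobody has claimed the account yet: the window is still open.
            overdue = now - reset_ts > MAX_GAP
            report[user] = "pending-overdue" if overdue else "pending"
            continue
        ts, device = first_change[user]
        if device != known_device.get(user):
            report[user] = "unfamiliar-device"  # verify with the user directly
        elif ts - reset_ts > MAX_GAP:
            report[user] = "late"
        else:
            report[user] = "ok"
    return report

if __name__ == "__main__":
    now = datetime(2024, 3, 6, 12, 0)
    for user, status in review_resets(RESET_AT, CHANGES, KNOWN_DEVICE, now).items():
        print(f"{user}: {status}")
```

Accounts reported as "unfamiliar-device" or "pending-overdue" are the ones to follow up first, since either may mean someone other than the owner holds or can still claim the new password.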
Next, you’ll want to implement Multi-Factor Authentication or MFA. MFA means that your users will now have to know the ID and password for the protected account and possess a physical device such as a phone or key generator to log into that account. A study by Google has shown that MFA security blocks between 90-99% of all unauthorised entry attempts! Any account that deals with sensitive or valuable data should be given this extra protection.
Outsource Your Risk
A professional Incident Response team provides the necessary expertise you need to deal with a cyber incident quickly and effectively. Most companies don’t handle incidents every day (and you wouldn’t want to, either!), and as such, they lack the knowledge, preparation and experience for it. It could be a massive waste of resources to prepare for every possible risk your company experiences.
Therefore, it can be more efficient to simply outsource your cyber risk management to a Cyber Security provider or purchase Cyber Risk insurance. Getting a professional team to manage your incident will allow your company to avoid panic, save time, and focus on getting back on your feet as soon as possible.
How can Pragma help?
An Incident Manager and Incident Response Team will be put in charge of your case to guide you from eradication and containment through to recovery.
We will perform Security Testing of your company’s systems.
Use our Digital Forensics services to help determine the root cause.
Advise on security recommendations to remediate and improve your company’s protection.
Support you on implementation, so you can rest assured that you’re doing things right.
Pragma is a global Cyber Security Consulting firm that serves leading businesses, governments and not-for-profits. We help organisations strengthen cyber resilience and safeguard valuable information assets with a pragmatic approach.