
How to Respond to a Cyber Attack

Dec 22, 2020 | business, security, tech


This can also be used as a guide for how your IT provider should be responding to any form of breach or cyber attack in your business.

Do you know the single most frustrating thing about working in IT? Maybe it’s the fact that switching things off and then on again actually fixes like, 103% of issues, or the conspiracy theory that the only reason viruses exist is because the people who make the anti-virus software also write the viruses…

No, the single most frustrating thing about working in IT is seeing other people who work in IT doing a bad job. Seeing people who think that doing ‘IT’ is just a case of throwing in some anti-virus, migrating someone to Office 365 or Gmail and then it’s done…. because it’s not! It’s way, waaay more than that. Write me a comment to tell me about a horror story you’ve experienced with some ‘expert’ doing something they obviously weren’t an expert on. I would love to hear your stories!

We all know that just like every other business out there, you need expertise to do what you do. Lawyers have to pass the bar, accountants are regulated by becoming chartered accountants – but IT Companies…. aren’t. To become a registered Microsoft Partner, all you have to do is pay them the annual fee… and as you work up to silver and gold partner, you just need a few qualifications and again, to pay Microsoft more money…

There are no true regulations or guidelines, just the perception to the customers that they are doing a good job, so they sell more product and get great feedback which then lets them climb the ladder further. Wah – Rant over. Let’s get back to the subject of cyber attacks, and more specifically how you or your IT company should respond when you get hit by ransomware or a virus or phishing … whatever it may be. This is something close to my heart as it’s something we saw time and time again in my last business when speaking to new customers. They’d have a breach, all of their machines would get encrypted, their IT guys would restore everything, and then a few months later the exact same thing would happen again.

So what are they doing wrong? The answer to that is here in my 4-step plan to recover from a cyber attack.

Step 1

React. Unplug the internet, disconnect the network from your machine, switch off your PCs, switch off your servers – whatever you need to contain the breach and stop the issue from spreading.

If one of your PCs has been infected with ransomware, then it may slowly be working its way across the network. This is the reason why regular staff should not have admin permissions to their PC. Even though it may frustrate them not to have full access. Limit the access, limit the risk. Stay Home, Save Lives, Protect th…. oh

If it’s a concern over a breach of email security, then you can lock the email accounts out from any form of external access. Change the passwords on any account you think is breached to prevent anything further from occurring, but generally look at the issue you are experiencing and take the right steps to lock off access.

Step 2

Fix it. You need to find the source of the attack. Typically it will come from a particular PC or user. One easy way to see this is to look at which user has modified the files that are now encrypted, as that user’s account and machine will likely point you to the source of the infection.

For compromised email accounts, do some digging and follow the email chain if you are dealing with emails that have been intercepted and had bank details changed. Once you find the source of the attack then you can disconnect it from the network, reset user passwords and get to work on restoring everything from backups, because – you do have backups right?

Now, steps 1 and 2 can be done at the same time. I can think of many times we’d be finding the root of the problem and in parallel we’d be fixing things, resetting passwords, running wide scale virus scans on everything, more out of precaution than anything just to be safe, and depending on the exact attack you’ve experienced, you may feel that these are still necessary.
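To make the “who modified the encrypted files” check concrete, here is an added example (my illustration, not code from the original post). It assumes you have exported file-share write events from your file server’s audit log (on Windows, object-access auditing) into records of the form timestamp, user, workstation, path; the sample records, the `.locked` extension and the `README_RESTORE.txt` note name below are all constructed placeholders, not indicators from any real ransomware family. It groups writes of encrypted files and ransom notes by user, so the account and machine that wrote the most of them in a tight burst stands out as the likely patient zero, and it lists the share folders that account touched so you know what to restore.

```python
"""Triage file-share audit records to find the likely source of a ransomware outbreak.

Added example, not from the original post. Record shape and all sample values
are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime
import ntpath

# Constructed sample: one record per file write on a shared drive.
# Fields: ISO timestamp, user, workstation, UNC path. Made-up values.
AUDIT_RECORDS = [
    ("2020-12-21T09:02:11", "alice", "WS-ALICE", r"\\FS01\Finance\budget.xlsx"),
    ("2020-12-21T09:15:43", "bob",   "WS-BOB",   r"\\FS01\Sales\pipeline.docx"),
    ("2020-12-21T10:31:02", "carol", "WS-CAROL", r"\\FS01\HR\handbook.pdf.locked"),
    ("2020-12-21T10:31:02", "carol", "WS-CAROL", r"\\FS01\HR\payroll.xlsx.locked"),
    ("2020-12-21T10:31:03", "carol", "WS-CAROL", r"\\FS01\HR\README_RESTORE.txt"),
    ("2020-12-21T10:31:05", "carol", "WS-CAROL", r"\\FS01\Finance\budget.xlsx.locked"),
    ("2020-12-21T10:40:17", "alice", "WS-ALICE", r"\\FS01\Finance\notes.txt"),
]

# Placeholder markers of encryption activity; in a real case you would fill
# these in from the extension and note name you see on the affected machine.
ENCRYPTED_SUFFIXES = (".locked",)
RANSOM_NOTE_NAMES = ("README_RESTORE.txt",)


def is_encrypted_artifact(path: str) -> bool:
    """True if the path looks like an encrypted file or a dropped ransom note."""
    name = ntpath.basename(path)
    return name.lower().endswith(ENCRYPTED_SUFFIXES) or name in RANSOM_NOTE_NAMES


def share_folder(path: str) -> str:
    """Top-level folder under the UNC share, e.g. 'HR' for \\\\FS01\\HR\\file."""
    parts = [p for p in path.split("\\") if p]
    return parts[1] if len(parts) > 1 else ""


def find_patient_zero(records):
    """Group encrypted-file writes by user and return the most likely source.

    Returns None when no record looks like ransomware activity.
    """
    per_user = defaultdict(list)
    for ts, user, host, path in records:
        if is_encrypted_artifact(path):
            per_user[user].append((ts, host, path))
    if not per_user:
        return None

    # The account that wrote the most encrypted files is the prime suspect.
    user, writes = max(per_user.items(), key=lambda kv: len(kv[1]))
    writes.sort()
    first, last = writes[0][0], writes[-1][0]
    span = (datetime.fromisoformat(last) - datetime.fromisoformat(first)).total_seconds()
    return {
        "user": user,
        "workstation": writes[0][1],          # machine to isolate first
        "artifact_count": len(writes),
        "first_seen": first,                  # start of the encryption burst
        "span_seconds": span,                 # short span = automated, not a user
        "affected_folders": sorted({share_folder(p) for _, _, p in writes}),
        "other_users": sorted(u for u in per_user if u != user),
    }


if __name__ == "__main__":
    result = find_patient_zero(AUDIT_RECORDS)
    if result is None:
        print("No encrypted-file writes found in the audit records.")
    else:
        print(f"Likely source: {result['user']} on {result['workstation']}")
        print(f"  {result['artifact_count']} encrypted files/notes written in "
              f"{result['span_seconds']:.0f}s starting {result['first_seen']}")
        print(f"  Folders to restore from backup: {', '.join(result['affected_folders'])}")
```

The `span_seconds` figure is the useful sanity check: a human renaming a couple of files takes minutes, while a process that writes dozens of `.locked` files in a few seconds is automated, which is the signal to pull that workstation off the network and reset that account before restoring the listed folders.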

Step 3

The VITAL Step 3 is the one and SOLE reason why SO many IT companies fail right here.

Step 3 is the ‘Never Again’ step. Sit down and look at what has happened. Reflect on what you did and put in steps to make sure this particular attack never happens again. Technical things like tightening up your permissions, locking down firewall rules, and generally blocking however that thing made its way into your network. But also non-technical things like investing in some regular training for your staff to teach them about phishing emails, training them on spotting them so the likelihood of them clicking on one again is much lower.

This step is vital to ensuring that you learn from any mistakes and SO many companies don’t bother doing this. Don’t expect to just fix the issue and everything goes back to normal, because it’s only a matter of time. If you’ve suffered a breach and your IT provider hasn’t come back to you with an explanation on what’s happened, how it got through and what steps they’ve taken to prevent this again in future – then maybe it’s time to look around. 

It is admittedly sometimes difficult to figure out the source of something. There are some technical limitations – if it’s an issue that has been lingering in your network for a while, logs don’t always go back far enough to identify where it’s come from – but at least an educated guess and putting in steps to avoid it happening once again will go some way to protecting you.

Step 4

And finally step 4, report it.

You have an obligation to report this breach to the authorities so they are aware and can provide any support that might be required. Even if all you become is a statistic for them, it helps them assign the appropriate resources in future. You also have an obligation to report this to the likes of the ICO and your own customers if there has been a breach of customer data, or face serious fines if you don’t.

Those are my 4 steps that I recommend when dealing with a breach, and if you wanted to learn more about how you should be protecting your IT then may I recommend my very first… slightly cringey video which is all about how to protect yourself.
