How to handle a suspected cybersecurity attack at work?
Recently, we helped a client through a simulated cybersecurity issue. It was a big reminder of how important it is to be ready and act quickly.
In the simulated event, an email account belonging to one of our clients was compromised by a hacker. The hacker used it to send phishing emails to a bunch of people, including some of our client's customers.
Our client wasn't sure what to do next, so they reached out to us for some advice.
Knowing how crucial it is to gather evidence and respond efficiently, we handed them a checklist that covers all the bases.
In this article, we will share that very same checklist with you.
It'll guide you through what to do if you ever think you're facing a cybersecurity attack.
Following these steps will help you protect yourself, lessen the blow if you get hit, and keep your sensitive info safe.
Think your computer's been hacked? The first thing to do is to stop using it, ASAP!
Continuing to use a compromised system is likely to make things worse.
Every action you take, from opening files to installing software, could overwrite important evidence that could aid in the investigation and identification of the breach.
Stop using the computer, and you cut the risk of more damage and losing data.
If you’re unsure about the seriousness of the breach or you’re not a tech whiz, then your company’s IT team or a cybersecurity expert can give you a hand.
They can guide you through the necessary steps to secure your system and prevent further damage.
Concerned that your email might have been breached? It's best to stop accessing it immediately!
Avoiding your email helps stop unauthorized access and misuse of your personal or sensitive info.
To keep the lines of communication open, it may be beneficial to transition to more secure avenues like voice calls, SMS messages, or platforms like Slack.
Let your IT department or security team know ASAP, so they can step in, secure your account, and investigate.
Also, change your passwords for all your online accounts, especially those linked to your email.
Make sure your passwords are strong and different for each account, and turn on two-factor authentication whenever you can.
This extra step makes it tougher for hackers to get in.
When you think you're under attack, jot down anything weird you've seen on your computer or network.
Take detailed notes, including when it happened.
This can help the IT experts figure out what happened and where it came from.
Write down any weird error messages, pop-ups, or if your computer's been running slow.
Also, make sure you're not writing these notes on the computer you suspect has a security breach. Pen and paper are enough.
The more you can share, the better the investigators can figure out and fix the problem.
If you stumble upon any suspicious websites or URLs, write those down too.
This info can help later, for example when it comes to blocking those sites.
Sure, it's key to disconnect your computer from the internet and your local network to stop more damage or data leaks, but don't turn it off.
You could lose important data like running processes or network connections if you shut it down.
Instead, unplug the network cables or turn off Wi-Fi to isolate the computer while keeping it on.
This lets the IT investigators check out the system and collect evidence.
If you can, use a different computer or device to get help from your IT department or a trusted cybersecurity pro.
They can walk you through the isolation steps and give further instructions.
If you think you got a phishing email or an email with something harmful in it, don't delete it just yet.
Keeping the email can help the investigation.
Phishing emails can have useful info to help IT pros figure out the attacker's methods and maybe even who's behind them.
Send any suspicious emails to your IT department or security team for them to look into.
And get to know the common phishing tricks and how to spot phishing emails.
Places like the Anti-Phishing Working Group (APWG) and the United States Computer Emergency Readiness Team (US-CERT) have lots of helpful tips and advice.
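To show what a preserved phishing email gives investigators, here is an added example (not part of the original checklist) that reads the headers of a saved message and lists the relay hops and sender mismatches. The sample message is constructed, and the function names `domain_of` and `triage` are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from a real incident); hosts use reserved
# example domains and documentation IP ranges.
SAMPLE_EML = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.com (mx.example.com [192.0.2.10])
    by inbox.example.com with ESMTPS; Tue, 05 Mar 2024 09:14:07 +0000
Received: from unknown (host.example.net [198.51.100.23])
    by mx.example.com with ESMTP; Tue, 05 Mar 2024 09:14:05 +0000
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.org
From: "Accounts Team" <billing@example.org>
Reply-To: <payments@example.net>
To: <customer@example.com>
Subject: Overdue invoice
Date: Tue, 05 Mar 2024 09:14:01 +0000
Message-ID: <constructed-0001@mailer.example.net>

Please review the attached invoice.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def triage(raw):
    """Summarise the header evidence in a saved message (hypothetical helper)."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    for name in ("Reply-To", "Return-Path"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Authentication-Results: "<server>; method=result ...; method=result ..."
    auth = " ".join((msg["Authentication-Results"] or "").split())
    for part in auth.split(";")[1:]:
        fields = part.strip().split()
        if fields and "=" in fields[0]:
            method, result = fields[0].split("=", 1)
            if result.lower() not in ("pass", "none"):
                findings.append(f"{method} result: {result}")
    # Each relay prepends its Received header, so reverse to get sender-first order.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    return {"message_id": msg["Message-ID"], "hops": hops[::-1], "findings": findings}
```

All of this lives in the original message's headers, which is why a deleted email cannot help the investigation. An inline forward usually drops those headers, so passing the message on as an attachment keeps them intact.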
When you think you're under attack, don't clear your browser history.
Your history could help the investigation and analysis.
It can show the websites or webpages you visited, possible entry points, or malicious downloads.
By keeping your history, you help the cybersecurity team figure out the attack method and how to stop it from happening again.
While you're at it, think about clearing any stored passwords, form data, or cookies from your browser.
Hackers may have gotten this info, and removing it can reduce future risks.
Even if you can't use your computer because of the suspected attack, you can still collect evidence with your phone's camera.
Snap pictures of anything you think might be relevant.
This could include error messages on your screen, suspicious files or programs, or even physical damage to your computer or network gear.
These pics can give extra context and visual evidence during the investigation and fix-up process.
Remember to take clear pictures that show all the necessary details.
If possible, include timestamps in the images or note them in your incident documentation.
In your notes, make a list of all the devices that were connected to your computer when you first suspected an attack.
Include things like mice, keyboards, monitors, printers, external drives, or any other devices connected to your computer or network.
This info can help investigators find possible attack routes and see if any more devices or systems might have been compromised.
Think about giving the make, model, and serial numbers of the devices, as well as any identifying marks or labels.
If you can, provide pictures or receipts as proof of ownership.
So, if you think you're under a cyber attack, it's key to stay calm and act quickly to lessen the possible damage.
By following this checklist, including stopping computer and email use, noting unusual behavior, isolating your computer, keeping evidence, and recording useful info, you're helping respond to the incident quickly and efficiently.
And don't forget to let your IT department or security team know ASAP for more help.
Q: What are some signs I might be under a cyber attack?
A: Cyber attacks often show themselves as strange computer behavior, unexpected pop-ups or error messages, unauthorized account access, slow performance, or unfamiliar files or programs.
Q: How can I report a suspected attack to my company?
A: Contact your company's IT department or security team right away to report a suspected attack. They'll walk you through what to do and start investigating.
Q: Should I get the police involved if there's an attack?
A: Depending on how severe the attack is and what happened, you might need to get law enforcement involved. Talk to your IT department or security team to figure out what to do.
Q: How can I stop future attacks?
A: Use strong passwords, keep your software and operating system updated, use trustworthy security software, be careful when clicking links or downloading files, and learn about cybersecurity to stay on your toes.
Q: Can learning about cybersecurity help employees spot attacks?
A: Yes, learning about cybersecurity gives employees knowledge about common attack methods, phishing tricks, and other warning signs. This can help them spot potential attacks and protect the company.