Hackers have devious ways of infiltrating your systems and stealing your data. Crooks aren’t always after the biggest fish in the sea; instead they rely on vulnerabilities to hack their way into your life. So, potentially, everyone is a target. We will look at the ways they can attack and how you can limit your exposure and the damage should they be successful.
- Phishing – This is the #1 cause of a compromise. Phishing is a method used to gain access to a system or to gather personal or financial information by sending legitimate-looking email to victims that requires an action on their part. The action might be clicking a link that takes the user to a fake web page asking for login credentials, or that delivers malicious code to the system. The action might also be opening an attachment, with the same results.
- Malware – Major types of malware include viruses, Trojans, spyware, keyloggers and cryptojacking.
- Mobile apps – Malicious apps may contain code that steals your data. Do not allow an app unnecessary access to your critical data.
- Physical risks – Controlling physical access to devices and systems is a crucial part of reducing your risk of attack.
- Unsecured networks – Lack of patching, weak passwords, outdated equipment and software, and open ports and protocols can all leave you vulnerable to attack.
So let’s say that, in spite of your best defenses, a hacker has made their way into your network. You have identified the attack, the method used and the infected device. Isolation!! Remove the device from the network. This is a vital step.
Now what? You need to see if the ‘infection’ has spread. What do you need to look for?
Knowing what type of attack you are dealing with can help narrow this down. If it is ransomware, check for encrypted files on mapped drives. If it is password/credential theft, change the passwords. If the compromised account had administrative permissions, it is possible that the crook has hopped among different devices on your network. Check whether any new users have been created with elevated permissions.
Once you have isolated the device and/or network you can begin the cleanup. Make sure the machine is clean before bringing it back onto your network.
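One way to carry out the "new users with elevated permissions" check above, as an added example that is not part of the original post or MOREnet's tooling: it runs over Windows Security event records (4720 = account created; 4728/4732/4756 = member added to a security group) that have been normalised into small dictionaries, and flags privileged-group additions inside the incident window, distinguishing accounts that were also created inside the window from existing accounts that were elevated. The sample records, the group list and the incident window are constructed assumptions.

```python
from datetime import datetime

# Windows Security event IDs: 4720 account created; 4728/4732/4756 member
# added to a global / local / universal security-enabled group.
ACCOUNT_CREATED = 4720
GROUP_ADD_EVENTS = {4728, 4732, 4756}
# Assumed list of groups that count as "elevated" for this environment.
PRIVILEGED_GROUPS = {"Administrators", "Domain Admins", "Enterprise Admins"}

# Constructed sample records, not real log data. A SIEM export or
# Get-WinEvent output would be normalised into this shape first.
SAMPLE_EVENTS = [
    {"time": "2024-03-01T09:12:00", "id": 4720, "actor": "itadmin",    "target": "jdoe"},
    {"time": "2024-03-03T22:41:10", "id": 4720, "actor": "svc_backup", "target": "helpdesk2"},
    {"time": "2024-03-03T22:42:05", "id": 4732, "actor": "svc_backup", "target": "helpdesk2", "group": "Administrators"},
    {"time": "2024-03-04T01:05:30", "id": 4720, "actor": "svc_backup", "target": "tmpadm"},
    {"time": "2024-03-04T01:06:02", "id": 4728, "actor": "svc_backup", "target": "tmpadm", "group": "Domain Admins"},
    {"time": "2024-03-04T01:09:44", "id": 4732, "actor": "svc_backup", "target": "jdoe", "group": "Administrators"},
    {"time": "2024-03-04T08:00:00", "id": 4732, "actor": "itadmin",    "target": "carol", "group": "Remote Desktop Users"},
]


def find_suspicious_elevations(events, window_start, window_end):
    """Return privileged-group additions inside [window_start, window_end],
    labelled 'new-account' when the member was also created inside the window
    and 'existing-account' otherwise. Results are ordered by event time."""
    start, end = datetime.fromisoformat(window_start), datetime.fromisoformat(window_end)
    created_by = {}   # account -> actor that created it inside the window
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if not (start <= ts <= end):
            continue
        if ev["id"] == ACCOUNT_CREATED:
            created_by[ev["target"]] = ev["actor"]
        elif ev["id"] in GROUP_ADD_EVENTS and ev.get("group") in PRIVILEGED_GROUPS:
            findings.append({
                "account": ev["target"],
                "group": ev["group"],
                "added_by": ev["actor"],
                "at": ev["time"],
                "kind": "new-account" if ev["target"] in created_by else "existing-account",
            })
    return findings


if __name__ == "__main__":
    # Incident window assumed from the isolation step; adjust to your timeline.
    for f in find_suspicious_elevations(SAMPLE_EVENTS, "2024-03-03T00:00:00", "2024-03-05T00:00:00"):
        print(f"{f['at']}  {f['kind']:16} {f['account']} -> {f['group']} (by {f['added_by']})")
```

The "existing-account" hits are worth the same scrutiny as the new ones: an attacker holding an admin credential does not need to create an account to widen their foothold.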
Remember that communication is key during this process. Make sure that the appropriate people are notified of the incident and kept up to date on the progress. Use this as an opportunity to educate everyone about the type of attack, how to prevent it and the effects of the event.
Thankfully, you already have an Incident Response Plan in place so you are able to quickly recover from the attack with minimal damages and costs.
If you need assistance with a cyber security incident, we can help at MOREnet. Our members have access to our Cyber Security Operations Team to help you identify and recover from these unfortunate events. Send an email to firstname.lastname@example.org and our team will jump right in.
Our members may want to schedule a Cyber Security Assessment where we will evaluate your network and make recommendations to better secure your environment. Couple that with a Network Assessment for a comprehensive overview of your organization’s posture.