Web Hosting Blog
You have set complicated passwords, set up firewalls and followed the best security processes available, yet a hacker still got in. So, what is next? How can you recover from a hack on your dedicated server that could be devastating to your business?
Here are some steps you should take.
Step 1 – Don’t pay
If you are a victim of a ransomware attack, do not give in to the hacker’s demands. They usually demand a set amount of money to give you your systems back. The truth is, sometimes they will honour the agreement and give you control of the data again.
However, there have been cases where companies paid the ransom and the hacker did not release the data; it just remained encrypted. These actions left the company penniless.
Therefore, it is vital that no matter what, you do not give any money to the attacker. It is better that you use that money to rebuild your IT infrastructure.
Do not even engage with the hacker. If they get no response from you, then they will soon leave you alone.
Step 2 – Have you checked your dedicated server backups?
The next step is for you to check your backups. You should be making backups of everything that is on your dedicated servers at least every day. By doing it this often you are minimising the loss of data.
Backups are easy to protect on external hardware that the hacker could not gain access to. So your data should be safe here.
Have a member of your IT team or an outsourced company look over the data. They should see if there are any errors or malware installed on the backup that might lead to another attack.
Have your team do the checks on a non-networked computer. Assessments completed this way will help ensure that your backup does not get attacked when you are checking it.
Step 3 – Contact the authorities
You should always contact the authorities early on. It could be that criminals can sell a large amount of your stolen data.
The police and other law enforcement agencies will need to investigate. They will collect evidence and their actions could lead to prosecution or finding out who committed the crime.
When you go to the authorities, you should include all the information you have. The investigators might also be able to help identify how the breach happened. If they find out this information, you can discover how to protect yourself from a second attack.
Step 4 – Close security gaps
A breach has happened because a hacker found a security gap. The access point for the hacker could be anything from your dedicated server not being updated regularly to an employee clicking on an unsecured link.
The police might have found the access point for the hacker. If the authorities have not, then an IT security expert should be able to help. The consultant should also be able to advise on the ways that you can protect yourself in the future.
Steps that the security expert might offer include upgrading your firewall, installing new anti-virus software and training for your employees. The latter of these options is vital. Research has shown that most hackers gain access due to human error rather than software error.
Step 5 – Restore your IT systems and data
Once you’ve discovered the method of entry and fixed the gap in your security, you can restore your data. This process can take a long time.
Step 6 – Train staff
Now you need to retrain your staff in new security measures. All staff must reset their passwords. Once their user credentials have changed, the hacker is unable to regain control of your system.
It might be a good idea to change the login names as well. This step will make it harder for the hacker. In large organisations, you are likely to have at least one member of staff who uses an old password that the hacker can use.
Do staff training in two stages. The first lesson should be an introduction to the new security measures. The introduction needs to include how the hacker got access to your dedicated server and how staff can prevent it.
A second lesson is great as a refresher. In this lesson, you should aim to get the employees to lead it. By getting them to describe the security measures, you are confirming that they understand the new security processes.
Step 7 – Monitor
Finally, look at ways to monitor your IT infrastructure. The hacker was likely able to gain access to your data a long time before you realised it.
Monitoring your dedicated server allows you to see when a breach might happen before it causes too much damage. For instance, you might be able to see when speed is affected, or when there is an unusual amount of downloading/uploading on your network. When you see these signs, you can start to investigate.
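One way to spot the unusual upload or download volume mentioned above, as an added example that is not part of the original post: it compares each hour's traffic with the median of the preceding hours. The hourly counter readings, the six-hour window and the threshold factor are assumptions made for illustration.

```python
from statistics import median

MB = 1_000_000
# Constructed sample, not real measurements: cumulative (rx_bytes, tx_bytes)
# interface counters read once an hour (the kind of totals Linux exposes in
# /proc/net/dev). The counters restart after the fifth reading (a reboot),
# and one later hour carries a very large outbound transfer.
SAMPLES = [(rx * MB, tx * MB) for rx, tx in [
    (0, 0), (500, 100), (1020, 210), (1500, 305), (2010, 410),
    (490, 98), (995, 200), (1490, 301), (1990, 2701), (2505, 2800),
]]

def deltas(counters):
    """Bytes moved in each interval, from cumulative counter readings."""
    out = []
    for prev, cur in zip(counters, counters[1:]):
        # A counter that goes backwards was reset and restarted from zero.
        out.append(cur - prev if cur >= prev else cur)
    return out

def flag_unusual(values, window=6, k=5.0):
    """Indexes of intervals far above the median of the preceding window."""
    flagged = []
    for i in range(window, len(values)):
        base = values[i - window:i]
        med = median(base)
        # Median absolute deviation: a spread measure that one earlier
        # spike inside the window cannot inflate.
        mad = median([abs(v - med) for v in base])
        # Assumed floor of 5% of the median, so a very flat baseline
        # does not flag ordinary variation.
        spread = max(mad, 0.05 * med)
        if values[i] > med + k * spread:
            flagged.append(i)
    return flagged

def report(samples):
    """Flagged interval indexes for download (rx) and upload (tx)."""
    rx = deltas([s[0] for s in samples])
    tx = deltas([s[1] for s in samples])
    return {"download": flag_unusual(rx), "upload": flag_unusual(tx)}

if __name__ == "__main__":
    print(report(SAMPLES))
```

A flagged interval is a prompt to investigate, not proof of a breach; a large legitimate backup or deployment will trip the same check.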
When there is a security breach on your dedicated server, you need to act quickly. Follow the steps above to ensure that you can restore data and recover your business.
However, the most important thing to do comes well before a breach happens: you must have a backup of the data.