In the current landscape, maintaining digital security is more important than ever for SMEs. But what should you do if someone maliciously attacks your business’ system?
However, the online extension of a business has to be protected from external threats.
My Business spoke with Andrew Hurren, solutions architect at Intel Security, for his advice on how to maintain your business’ digital security.
“Having critical systems breached, if it takes down your business, it’s taken down the lifeblood of your business,” he said.
Go back to basics
Mr Hurren recommends revising the basics of your digital system.
This involves making sure that users have data backups, that operating systems and applications are up to date, that users have tools to help protect the digital system, and that they are unable to accidentally access private data.
Make a plan
It’s important to have a plan that accounts not just for IT management but for the business as a whole.
Mr Hurren said legal and media representation should be considered in any potential plan, to ensure the right message is presented.
“If a breach has gone live … how should an organisation be messaging appropriately to their customers who may be impacted?”
Turn off or leave on?
If a business’ digital system does become affected, it may not always be the best idea to turn it off.
“There’s a couple of things you need to take into account: what service does that device or system actually deliver for the business?
“Is it something you can take offline?
“If you take it offline, is it going to cause a [bigger] impact than how it’s already been affected?”
If the affected area is in a small system, taking that system offline may be advisable, but if it’s in a larger system, leaving it on may be more beneficial.
“If you do have the capability, you may even look to really contain that threat from spreading any further, but let it continue so that you can actually analyse and identify the true source of that infection or breach,” said Mr Hurren.
He recommended users incorporate protecting against, detecting, and responding to threats within their plans.
“Protection is typically about addressing the known, whether that’s a known attack method or known attack behaviour,” he said.
“Protection is always going to be preferred, because if you can stop it upfront, you don’t have to worry about the whole recovery aspect.”
Inform the authorities
If you detect that your digital system has been affected, it’s best to leave things as they are and inform the appropriate authorities.
“If it is absolutely recognised as an instance of cyber crime, make sure that you involve the authorities,” said Mr Hurren.
“Also make sure that you’re not deleting evidence.
“If this is an instance of cyber crime, you’ve got to make sure that you’re backing up the logs, the things that could be useful to help … forensic analysis from a law-enforcement perspective.”
Leave intruders alone
If an assailant is maliciously affecting your digital system, fighting back is the worst thing you could do, according to Mr Hurren.
“A lot of the time, you’re not going to know who the assailant is; they may be hidden behind many, many layers of technology.
“[One] approach [for hackers] is to make themselves anonymous. They may be using other compromised networks to target you, so you need to be very careful from that perspective.”