Courtesy navigation

How to defend your business during the four stages of a cyber-attack

How to defend your business during the four stages of a cyber-attack

February 02, 2015 by IT Donut contributor

Every one and a half seconds, another organisation is hit by a cyber attack. There’s one now. And there. And there.

Are you prepared to defend your business?

Thousands of security breaches

Even a minor security breach can hit your business hard. And if you’re unlucky, it could cost you up to £65,000 to recover.

If you’ve not considered how you might cope in a crisis, your business and your data could be at risk.

The bad news? It’s easy for a hacker to launch a sneak attack. The good? Nearly all attacks are preventable.

To protect your company from a security breach, you need to understand the four stages of a typical attack. Then you can make sure you have the right security protocols in place.

Stage one: the crack in the wall

A major data breach usually begins with something small, like an employee falling for a phishing attack and opening a bad email attachment. The infamous Sony Pictures hack may have begun in this way.

To keep this from happening, make sure your employees have a grounding in basic security. Anything coming in to your company should only be accepted if employees know and trust the source.

If the crack in the wall has already appeared, delete any suspect files, disconnect any affected computers from your network and sweep the computer for any traces the file may have left behind.

Removing some malware can be notoriously tricky, so it’s a good idea to bring in your IT support company. A small amount of money spent now can help limit your future losses.

Stage two: information gathering

Once a hacker has gained access to your systems, they’re likely to start gathering valuable information.

For instance, that bad attachment could have installed keylogging software that can record every keystroke. This can give the hacker access to usernames and passwords, email addresses, credit card details and more.

As a preventative measure, make sure every computer in your business is running up-to-date anti-virus and security software.

If keylogging software is detected, reset all passwords in your business – even if you think they haven’t been compromised.

Stage three: the stolen password

Once a hacker has begun collecting your passwords, they can use them to get much deeper into your systems.

To prevent one stolen password giving the hacker an all-access pass to your data, set up permissions and controls so each person in your business can only access the resources they need.

For instance, there’s probably no need for your sales team to have access to the full company accounts.

Stage four: disaster

Once hackers have access to your company’s servers, your data is at their mercy. They can easily steal sensitive information and even wipe it completely, causing irreparable damage.

To prevent disaster, you can use real-time audit reporting to detect suspicious activity. Your policy should be to disconnect first and ask questions later.

If your data does get wiped, be prepared with off-site backups that are updated regularly. Having your data stolen is terrible, but losing it altogether could kill your business.

Most cyber attacks are easily preventable, and common intrusions usually take several days to complete.

By putting these simple security measures in place and knowing how to prevent hackers from seizing control of your data at every stage in the process, you can sleep more easily at

night.

Copyright © 2015 Kris Lahiri, co-founder and the VP Operations and Chief Security Officer of Egnyte

More on this topic:

Tagged security | 0 comments

Comments

Add a comment

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <p>
  • Lines and paragraphs break automatically.

  • Links to specified hosts will have a rel="nofollow" added to them.

When you click 'Register' to create a new account, you accept our terms of service and privacy policy