Handling Common Cybersecurity Threats

Although network firewalls have an inbuilt capacity to stop cyber-attacks, some IT devices can still get compromised. Below we highlight some of the key actions to take in the event of a security breach. By following these guidelines, the security systems engineer will be able to identify attacks, isolate affected devices and quickly stop the damage. We give guidance on handling common cybersecurity threats in Kenya and on what to do when computer systems get compromised.

Most importantly, consider engaging the services of a qualified security professional to help with recovery and remediation. Furthermore, cyber security experts will provide guidance on how to strengthen the IT security infrastructure and remain protected from attacks.

Damage control and situation analysis

The first step when responding to a cyber security incident is understanding the extent of the damage. It is therefore very important to identify which computers have been compromised and which user accounts have been breached. Assessing the situation helps in establishing the extent of the attack.

Isolating the affected endpoint devices

The attackers’ main goal is to infect as many computers within the network as possible. In a typical work environment, computers and other devices connect through either a wireless network or a cabled network. Isolating the affected computers from the network stops malware from spreading across it.

Change of the login credentials

User login credentials remain the main point of access to a corporate network. Hence, the next course of action is to update the login credentials for every user account. User passwords should be unique and strong. Typically, a strong user password should contain a combination of upper-case and lower-case letters, with special characters incorporated.

Where possible, two-factor authentication should be enabled. That extra layer of security helps ensure that the login attempt actually originates from the authentic user. In a two-factor authentication setup, the account user is prompted to enter the unique password, and a token is then sent to the user's email account or cell phone number.
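The token step described above, as an added example that is not part of the original article: a server-side sketch that issues a six-digit code and accepts it only once, within a time limit and a limited number of attempts. The class name `EmailOrSmsOtp` and its parameters are hypothetical, and delivery of the code by email or SMS is left to the caller.

```python
import hashlib
import hmac
import secrets
import time


class EmailOrSmsOtp:
    """Hypothetical helper: issue and verify one-time login codes."""

    def __init__(self, ttl_seconds=300, max_attempts=3, clock=time.time):
        self.ttl = ttl_seconds
        self.max_attempts = max_attempts
        self.clock = clock
        self._pending = {}  # user -> [code_hash, expires_at, attempts_left]

    @staticmethod
    def _hash(code):
        # Only a hash of the code is kept in memory, never the code itself.
        return hashlib.sha256(code.encode()).digest()

    def issue(self, user):
        """Create a fresh code; a new code replaces any earlier pending one."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, zero-padded
        expires_at = self.clock() + self.ttl
        self._pending[user] = [self._hash(code), expires_at, self.max_attempts]
        return code  # the caller sends this to the user's email or phone

    def verify(self, user, submitted):
        """Return True only for the right code, in time, within the attempt limit."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        code_hash, expires_at, attempts_left = entry
        if self.clock() > expires_at or attempts_left <= 0:
            del self._pending[user]  # expired or locked out: a new code is needed
            return False
        if hmac.compare_digest(code_hash, self._hash(submitted)):
            del self._pending[user]  # single use
            return True
        entry[2] -= 1  # count the wrong guess
        return False
```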

Incident response communication

When user accounts have been compromised, especially email accounts, the hackers can use such accounts to scam other people. For example, a hacker can use a compromised email account to receive payments from customers through fraud. Likewise, hackers can use compromised email accounts to initiate bank transactions from personal accounts.

Social media accounts are not safe either. Hackers can use compromised social media accounts to scam friends and followers. This risk should be mitigated. Thus, key partners, suppliers and customers should be informed immediately an attack has been flagged. Besides preventing future attacks from happening, early communication can prevent a situation from moving from bad to worse.

Performing a full scan of active devices

Cybersecurity threats are usually facilitated through malware, worms and computer viruses. It is recommended that a full scan of all computers and smartphones be done immediately following an attack. Good endpoint protection software should be able to scan all programs and files, and any infected file or program will be secluded in a vault for neutralization. Even so, adequate endpoint protection requires installation of genuine antivirus software or endpoint security software.

Review of the user account activity

To be sure that a user account has not been tampered with, activities within that account should be reviewed. User activity should be reviewed for all email accounts. Account activities should also be reviewed for payroll software, human resource software and the accounting system. The responsible service providers should be contacted in case of any activity that looks suspicious. In short, an activity review should be done for every system or software within the company.

To prevent any unauthorized transaction, user account security settings should be updated. This could mean implementing two-factor authentication if it is not already activated. Also, ensure that important information required during recovery, such as the secondary email address, is updated.

Monitoring user accounts

Monitoring user activity within an account remains a key requirement for detecting a compromise early enough. Detecting early that a system has been compromised can really help in preventing the devastating effects of a successful attack. An important word of advice: regularly monitor user account activity, because you can never be 100% safe.
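One way to carry out the account activity review and monitoring described in the two sections above, as an added example that is not part of the original article. The log format (timestamp, account, source IP, outcome), the sample records and the thresholds are all constructed for illustration; real sign-in logs from an email or accounting provider will need their own parser.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: timestamp, account, source IP, outcome.
SAMPLE_LOG = """\
2024-05-06T08:01:12 alice 10.0.0.15 success
2024-05-06T08:03:40 bob 10.0.0.22 success
2024-05-07T02:14:01 bob 203.0.113.50 failure
2024-05-07T02:14:09 bob 203.0.113.50 failure
2024-05-07T02:14:15 bob 203.0.113.50 failure
2024-05-07T02:14:31 bob 203.0.113.50 success
2024-05-07T08:02:10 alice 10.0.0.15 success
2024-05-07T09:30:00 carol 198.51.100.7 failure
2024-05-07T09:45:00 carol 10.0.0.31 success
2024-05-07T23:50:00 alice 198.51.100.99 success
"""

def parse(log_text):
    """Yield (timestamp, account, ip, outcome), skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            ts, account, ip, outcome = parts
            yield datetime.fromisoformat(ts), account, ip, outcome

def review_sign_ins(log_text, max_failures=3, window=timedelta(minutes=10)):
    """Return (account, ip, reason) findings in time order."""
    known_ips = defaultdict(set)   # account -> IPs of earlier successful sign-ins
    failures = defaultdict(list)   # (account, ip) -> failure timestamps
    findings = []
    for ts, account, ip, outcome in sorted(parse(log_text)):
        key = (account, ip)
        if outcome == "failure":
            failures[key].append(ts)
            continue
        recent = [t for t in failures[key] if ts - t <= window]
        if len(recent) >= max_failures:
            findings.append((account, ip, "success after repeated failures"))
        elif known_ips[account] and ip not in known_ips[account]:
            # The first address seen for an account is taken as its baseline.
            findings.append((account, ip, "success from new address"))
        known_ips[account].add(ip)
        failures[key].clear()
    return findings

if __name__ == "__main__":
    for finding in review_sign_ins(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

Each finding is a prompt for the follow-up the article describes: confirm with the account owner, and contact the responsible service provider if the activity cannot be explained.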

System recovery and remediation

The main purpose of remediation is to reduce the risk of being exposed to more attacks in the future. A good starting point is to have a well customized incident response plan. The plan will not only help in identifying attacks faster but also help in recovering quickly from them. Therefore, in the event of an attack, the main action plan should be to stop the spread of the attack, whether malware or virus. We have highlighted the four key steps in threat management.

Usually, the first step will be to implement a containment strategy, which basically involves changing user login details. The second step will be to eradicate the attacker from the network, which means disconnecting the affected devices from the network. At this point also, the affected applications will be identified and installed immediately.

The third step will be restoring everything to normal operation, following a successful recovery plan. Lastly, the final step is remediation. This involves putting in place strategies that will stop future incidents from happening. Some of these strategies include hardening the firewall, updating endpoint security policies, and implementing an IT system audit.

Do you require professional help in responding to and managing common cybersecurity threats? Then contact us today.
