Cyber threats can not only be malicious software that attempts to breach your organisation's firewalls, but it can also be an unsolicited email, containing a link to a legitimate website, which launches a program and allows unauthorised access to all of your organisations systems and databases.
It would be advisable to obtain assurance within your organisation that the following is in place:
- that all IT systems are fully protected against all known malicious cyber threats and data is regularly backed up;
- that all employees are aware of the risks and their own responsibilities when using the organisation's IT systems;
- that your Business Continuity Plan is robust, up-to-date and regularly tested.
Further preparations for a cyber-attack:
- Have an incident response plan and post-attack plan of action;
- Identify key/critical assets;
- Implement appropriate technology (software/hardware) to protect critical assets;
- Get legal authorisation to monitor internal user activity;
- Ensure staff are trained and educated in cyber security;
- Stay informed about threats;
- Make an initial assessment of the threat/extent of the damage;
- Take steps to minimise additional damage;
- Keep detailed records during the attack;
- Ensure backups are available for use;
- Gather forensic data from the affected system(s);
- Notify the Police/appropriate authorities;
- Work with the Police to contact other potential victims;
- Continue to monitor the affected system(s);
- Initiate measures to prevent future attacks.
Things NOT to do during an attack include using the affected systems to communicate about the incident. For example, if an email server has been compromised, don’t use that server to send emails about the breach. The attackers may be hoping you will do just that, essentially making a bad thing worse. Don’t attempt to hack into the attacking system, this is probably illegal and could result in civil or criminal penalties.
Following the international cyber attacks (May 2017) some useful website links are listed below which provide advice for both the public and business use:
- National Cyber Security Centre (NCSC)
- 10 Steps to Cyber Security
- Reporting a cyber security incident
- Cyber Security - .GOV.UK
- Centre for the Protection of National Infrastructure (CPNI)