29 October 2019

In the aftermath of a cyberattack

Hey there and welcome back to another edition of the Hussey Coding blog.

Recently we talked about the necessity of having a RESPONSE PLAN; click the link if you missed it. Today we are going to expand on parts 3 and 4 of the response plan and look at some simple things that can be built into your company's DNA to help make recovery an easier task when you find yourself ...

The attack has happened, it's been dealt with and your company has survived. Now you are left looking over reports and having conversations about the damage that was caused to your store, your systems and even your company's reputation.
But what now? What steps do you take to prevent another attack? Remember that just because you got through this one doesn't mean there isn't another attack on its way. In fact, if someone is out to get you specifically, then now is the perfect time for them to try again.
Here are 5 things that we recommend you do as standard in the aftermath of an attack.

#1 - Change your passwords
All of them, now! And not just yours, your staff's too. There is no guaranteed way of telling exactly what your attacker had access to while in your systems. If they managed to gain full user access, they could have deleted the logs as they went along and hidden their tracks, so it could very well be that they acquired a number of passwords and login details along the way. Left unchanged, those leave your company wide open to a secondary attack. If you missed our recent blog on CREATING STRONGER PASSWORDS, click the link to read more about this topic.

#2 - Check your access logs
Now that your passwords are changed, it's time to see who has had access. You're looking for any unauthorised accounts, or even old accounts that you may not have deleted. In our blog about the 6 COMMON CYBERATTACKS we saw that one of the most common motivations for conducting a cyberattack is revenge! That ex-employee or contractor who felt their dismissal was unfair, or that third-party company where communications broke down, may still have access to your systems if no one took the time to revoke it. These are the things that you want to be looking out for.
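
As an added illustration (not code from the original post), the cross-check described above can be scripted: compare an export of your accounts against the list of people who should have access today, then pull every log entry made by an account that is not on that list. The account export, the roster and the log layout below are constructed sample data in assumed formats.

```python
import csv
import io
from datetime import datetime

# Constructed sample data. The column names and log layout are assumptions,
# not the schema of any particular store or platform.
ACCOUNTS_CSV = """username,active
alice,1
bob,1
old_contractor,1
svc_backup2,1
carol,0
"""

# Constructed roster: the people and service accounts that should have access today.
AUTHORISED = {"alice", "bob", "svc_backup"}

ACCESS_LOG = """2019-10-21T02:14:07 old_contractor 203.0.113.7 login_ok
2019-10-21T09:01:33 alice 198.51.100.4 login_ok
2019-10-22T03:40:12 svc_backup2 203.0.113.7 login_ok
2019-10-22T03:41:00 carol 203.0.113.7 login_failed
"""

def review_access(accounts_csv, authorised, access_log, since):
    """Return (unexpected_accounts, events_to_review)."""
    accounts = csv.DictReader(io.StringIO(accounts_csv))
    # Active accounts nobody on the roster owns: never revoked, or never approved.
    unexpected = sorted(a["username"] for a in accounts
                        if a["active"] == "1" and a["username"] not in authorised)
    events = []
    for line in access_log.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split()
        # Any attempt, successful or not, from an off-roster account needs review.
        if datetime.fromisoformat(ts) >= since and user not in authorised:
            events.append((ts, user, ip, result))
    return unexpected, events

if __name__ == "__main__":
    unexpected, events = review_access(
        ACCOUNTS_CSV, AUTHORISED, ACCESS_LOG, datetime(2019, 10, 1))
    print("Active accounts not on the roster:", unexpected)
    for event in events:
        print("Review:", *event)
```

Disabled accounts that still show login attempts, like the constructed `carol` entry, are worth reviewing alongside the accounts that are still active.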

#3 - Create backups
Backing up your data often will make the process of recovery so much easier!
The more often you back up your database, the less you will lose in the event of an attack. It will also help you keep your store running smoothly while you deal with other aspects of the aftermath. If you don't know how to do this, then check out our blogs on how to back up your M1 and M2 stores by clicking the links.

Make sure that you also back up to a secure external location. If you only back up to one location and that location is compromised, then you stand to lose everything. Having 1 or 2 external locations will help you greatly during the recovery process.

#4 - Check and update your security
Whether you brought in a developer or your company dealt with the attack itself, it is important to conduct a full security rundown. Check everywhere for anything that the attacker may have left behind to use at a later date. Look for weaknesses other than the way your attacker got in, and update your whole security package for your store and for any computers on your network that have access to your administration panel.

#5 - Be transparent
When you have done all of these things, and all those involved in dealing with the attack are 100% convinced that your systems are secure again, it's time to ask the question: who needs to know?
You will need to notify anyone who may be affected by the attack: customers, clients, third-party partners and staff.

Why are you waiting until you're sure your company is secure again? Well, if you go right away without being sure, then there is no guarantee that any updated data sent to you by clients or customers is secure, and you could find yourself in a bigger mess than if you were sure.

Be sensible here: don't do anything you don't need to do, but don't neglect to do the right thing either. If your company has undergone a failed phishing attack, then notify your staff and warn them of it; you don't need to go contacting all of your customers or clients about it. On the other hand, if you have suffered an attack where malware has been installed and has sent your entire customer database to the attacker, then you really need to contact them and inform them of this breach in security. Not doing so immediately and attempting to hide it will cause irreparable damage later down the line should the truth be discovered.

Obviously this all boils down to the moral integrity of your company and the kind of reputation that you as an owner or developer want to have, and so I leave you with this quote by an old wise man who once said:
"We must all face the choice between what is easy and what is right" - Albus Dumbledore.

Thank you all again for taking the time to read this and all of our blogs thus far, we here at Hussey Coding really do appreciate the support you have shown. Please feel free to leave us a comment here or on our various social media profiles, listed below, we would love to connect with you!

Speaking of connecting, head over to 365retail.co.uk now to read their article on Hussey Coding's new service, developer connection, the new Magento project marketplace specifically designed to bring Magento clients and developers together. And don't forget that until the 1st of November 2019 all projects of £25 are FREE!
So head to developerconnection.co.uk and use promo code 'freeproject' at the checkout now!
Until next time, stay safe and have a great day.

Want to contact Hussey Coding? Here's how
You can mail us at info@husseycoding.co.uk
Visit our website at www.husseycoding.co.uk

Or join in all the fun on our social media profiles
Facebook - facebook.com/husseycoding
Twitter - twitter.com/husseycoding
LinkedIn - linkedin.com/company/hussey-coding
We look forward to hearing from you soon.
