Recently we talked about the necessity of having a RESPONSE PLAN, click the link if you missed it. Today we're going to expand on parts three and four of our response plan. Looking at some simple things that you can build into your company's DNA to help make recovery an easier task when you find yourself ...
But what now? What are the steps you take to prevent another attack? Remember, just because you got through this one, doesn't mean there isn't another attack on its way! In fact, if someone is specifically targeting your company, then now is the perfect time to try again!
Here are 5 things that we recommend you do as standard in the aftermath of an attack.
#1 - Change your passwords
All of them, now! And not just yours, your staff too. There is no guaranteed way of telling exactly what your attacker had access to while in your systems. If the attacker managed to gain full access to your admin account then they could have deleted the logs as they went along and hidden their tracks and it could very well be that they have acquired several passwords and login details along the way which left unchanged will leave your business wide open to a secondary attack. If you missed our recent blog on CREATING STRONGER PASSWORDS, then click the link to read more about this topic.
#2 - Check your access logs
Now that your passwords are changed it's time to see who's had access. You're looking for any unauthorised accounts or even old accounts that you may not have deleted. In our blog,
6 COMMON CYBER ATTACKS TO WATCH OUT FOR, we saw that one of the most common motivations for conducting a cyberattack is revenge! Remember that ex-employee or contractor that felt their dismissal was unfair? Or that time communications broke down between you and a third party company? If nobody took the time to remove their log in details, then they may still have access to your systems. These are the things that you want to be looking out for.
#3 - Create backups
Regularly backing up your data will make the process of recovery so much easier!
The more often you backup your database, the less you will lose in the event of an attack, it will also help you keep your store running smoothly while you deal with other aspects of the aftermath. If you don't know how to do this, then check out our blogs on how to back up your M1 and M2 stores by clicking the links.
NOTE: Since the writing of this article, Magento 1 no longer receives official support from Adobe. However, there are many still operating on the M1 platform. It is our recommendation that you migrate to M2 sooner rather than later, find out why in our blogs, M1 end of life, what are my options? and Headache or opportunity, migrating to M2.
Make sure that you also back up to a secure external location. If you only backup to one place and that location is compromised, then you stand to lose everything. Saving to one or two external locations will help you during the recovery process.
#4 - Check and update your security
Whether you got a developer or your company dealt with the attack internally, you should conduct a full security rundown of your systems. Check everywhere for anything that the attacker may have left behind to use at a later date. Look for other weaknesses regardless of the way the attacker got in and update the whole security package for your store and any devices that have access to your administration panel.
#5 - Be transparent
When you have done all of these things and, all those involved in dealing with the attack are 100% convinced that your systems are secure again it's time to ask the question, who needs to know?
You will need to notify anyone who may be affected by the attack, customers, clients, third-party partners and staff.
Why are you waiting until you're sure your company is secure again? If you go right away without being sure then, there is no guarantee that any updated data sent to you by clients or customers is secure, and you may find yourself in a bigger mess than if you were sure.
The key here is to be sensible! Don't do anything you don't need to do but also don't neglect to do the right thing either. If your company has undergone a failed phishing attack, then notify your staff and warn them of it. You don't need to go contacting all of your customers or clients about it. On the other hand, if you've suffered a Malware attack and the attacker now has your entire customer database, then you need to contact your customers informing them immediately of the security breach! Not doing so immediately and attempting to hide this will cause irreparable damage later down the line should the truth be discovered.
Obviously, this all boils down to the moral integrity of your company and the kind of reputation that you want to have. So I leave you with this quote by an old, wise man who once said
"We must all face the choice between what is easy and what is right" - Albus Dumbledore.
Thank you all again for taking the time to read this and all of our blogs thus far, we here at Hussey Coding really do appreciate the support you have shown. Please feel free to leave us a comment here or on our various social media profiles, listed below, we would love to connect with you!
Until next time stay safe and have a great day.
You can also join all the fun on our various social media profiles
Facebook - facebook.com/husseycoding
Twitter - twitter.com/husseycoding
LinkedIn - linkedin.com/company/hussey-coding
Sign up to developer connection at www.developerconnection.co.uk
Facebook - facebook.com/DeveloperConnection
Twitter - twitter.com/devconnectionuk
LinkedIn - linkedin.com/company/developer-connection