Our previous post on this subject examined some of the steps that you, the business owner, need to take if you are impacted by a cyber-attack.
In summary, it included the following:
- Secure all of the physical devices and relevant software applications.
- Stop additional data loss.
- Assemble a team of experts:
- The Team Leader;
- The Incident Lead;
- The IT Contact;
- The Legal Representative;
- The Public Relations Officer;
- Management Team.
In this post, we look at those parts of your IT infrastructure that you need to review in detail to determine what happened, and how the vulnerabilities can be fixed.
What to Check For
1. Your wireless devices:
After a cyber-attack, the first thing to check is the state of your wireless devices. This includes everything from the notebooks and tablets to the smartphones you have issued to your employees.
One of the first questions to put to your team (as described above) is whether one of these devices was the attacker's entry point.
For example, were all of the software upgrades and security patches installed on every device, and were any devices running versions that are no longer supported?
If not, work with your team to set a schedule going forward: when to check for upgrades and patches, when they are downloaded, and, most importantly, how you confirm that they have actually been installed.
If your business is small enough, you can perhaps update everything at once, but if your organization is a bit larger with more employees, you will probably need a staggered schedule for these updates.
On another note, it is helpful to designate one employee who has oversight of and responsibility for all of this. Preferably this person should come from your IT staff.
Another key question is whether any employees used one of their own personal wireless devices to access the company network.
Such devices are usually unmanaged and unpatched, which gives an attacker a foothold from which to reach the rest of your network. Your wireless controller or VPN logs should show which devices connected around the time of the attack, so check them.
If this is the case, you need stricter enforcement of device standards, possibly allowing only company-issued wireless devices onto the network, and you should remind employees regularly of the consequences if they do not follow the rules.
2. The passwords which your employees have created and used:
If your workers' passwords are weak (such as "12345" or "password"), there is a good chance that the cyber attacker launched a dictionary attack against your business. This is a kind of attack in which an attacker
". . . attempts to defeat an authentication mechanism [by] systematically entering each word in a dictionary as a password . . ."
So the weaker the password, the faster the attacker can guess it and penetrate your systems. A dictionary attack leaves a clear trace in your authentication logs: a burst of failed logins against the same account from the same source address, often followed by a successful login from that address. Check those logs to confirm whether this was the cause, and reset every password the attacker may have guessed. If it was the cause, a password manager could be very useful for you.
These are software applications that let your employees generate long, random passwords, unique to each system, that are very difficult to guess or crack.
Once created, the passwords are stored in and retrieved from the password manager itself, so employees do not need to memorize or reuse them.
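The log check described above, as an added example that is not part of the original post: it parses sshd-style authentication lines from a constructed sample log (the hostname, usernames and addresses are made up), flags any source address that produced a burst of failed logins, and reports whether the same source later logged in successfully, which is the strongest sign that a guessed password actually worked.

```python
"""Spot dictionary-attack traces in authentication logs.

Added example, not code from the original post. The sample log below is
constructed; the hostname, users and IP addresses are not real.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd log lines (not from any real system).
SAMPLE_LOG = """\
Mar 10 02:14:01 fileserver sshd[2201]: Failed password for jsmith from 203.0.113.42 port 51822 ssh2
Mar 10 02:14:03 fileserver sshd[2201]: Failed password for jsmith from 203.0.113.42 port 51823 ssh2
Mar 10 02:14:05 fileserver sshd[2201]: Failed password for jsmith from 203.0.113.42 port 51824 ssh2
Mar 10 02:14:07 fileserver sshd[2201]: Failed password for jsmith from 203.0.113.42 port 51825 ssh2
Mar 10 02:14:09 fileserver sshd[2201]: Failed password for invalid user admin from 203.0.113.42 port 51826 ssh2
Mar 10 02:14:11 fileserver sshd[2201]: Failed password for jsmith from 203.0.113.42 port 51827 ssh2
Mar 10 02:14:13 fileserver sshd[2201]: Accepted password for jsmith from 203.0.113.42 port 51828 ssh2
Mar 10 08:30:00 fileserver sshd[2310]: Failed password for mlee from 192.0.2.15 port 40001 ssh2
Mar 10 08:30:20 fileserver sshd[2310]: Accepted password for mlee from 192.0.2.15 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse(log_text):
    """Yield (timestamp, result, user, ip) for every sshd password line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # syslog timestamps carry no year; the default year is enough for ordering
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
            yield ts, m["result"], m["user"], m["ip"]


def find_dictionary_attacks(log_text, threshold=5, window_seconds=300):
    """Return {ip: report} for every source with >= threshold failures inside window_seconds.

    report = {"failures": total failures from that ip,
              "users": sorted usernames it tried,
              "succeeded_after": user it later logged in as, or None}
    """
    events = sorted(parse(log_text))
    failures = defaultdict(list)  # ip -> [(timestamp, user), ...]
    flagged = {}
    for ts, result, user, ip in events:
        if result == "Failed":
            failures[ip].append((ts, user))
            recent = [u for t, u in failures[ip] if (ts - t).total_seconds() <= window_seconds]
            if len(recent) >= threshold:
                rep = flagged.setdefault(ip, {"failures": 0, "users": [], "succeeded_after": None})
                rep["failures"] = len(failures[ip])
                rep["users"] = sorted({u for _, u in failures[ip]})
        elif result == "Accepted" and ip in flagged:
            # a success from an already-flagged source: the guessing worked
            flagged[ip]["succeeded_after"] = user
    return flagged


if __name__ == "__main__":
    for ip, rep in find_dictionary_attacks(SAMPLE_LOG).items():
        print(f"{ip}: {rep['failures']} failures against {rep['users']}, "
              f"then logged in as {rep['succeeded_after']}")
```

The threshold and window are assumptions to tune for your own environment; a handful of failures spread over a day is a user mistyping, while dozens within minutes from one address is guessing. The single failure from 192.0.2.15 in the sample is deliberately left unflagged for that reason.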
3. Your network segmentation:
When one thinks of network connectivity, it is easy to picture a single flat network in which every device can talk directly to every other device.
In practice, however, most business networks are broken up into separate "segments" (subnets or VLANs), with a firewall or router deciding what traffic may pass from one segment to another.
So while a connection may look like a simple two-way exchange (for example, from your laptop to a web server and back), the data packets usually cross several network segments along the way.
This is probably also the case at your place of business, particularly if you outsourced the deployment of your network infrastructure to an outside third party.
As a result, you will have different network segments established, whether or not anyone ever documented them.
The security reason for setting it up this way is containment: if one segment is compromised, the attacker should not be able to move freely into the others, because only explicitly allowed traffic is passed between them. Segmentation is not the same as redundancy; one segment does not act as a backup for another.
If you have been hit with a cyber-attack, apart from checking the above two items, you will also want to examine your network infrastructure immediately.
With your team (especially your designated IT contact), examine which, if any, of the network segments were impacted, how the attacker moved between them, and how they can be better protected in the future.
For instance, you may need tighter firewall rules between segments (deny by default, allowing only the flows a business process actually needs), additional segments to isolate sensitive systems, and a network intrusion detection system (IDS) to alert your IT staff when suspicious or malformed packets enter your perimeter or cross between segments.
4. Your servers:
Along with the network segments, you will also want to closely examine your servers.
Depending on the size of your business, you may have just one server or several.
Your server(s) host different applications, as well as the network drives containing the shared resources your employees access to conduct their daily job tasks, which makes them a prime target.
It is important to examine whether the latest software upgrades and security patches have been installed on the server operating systems and the applications running on them. If not, just like the wireless devices, you will need a regular schedule for downloading and installing these patches and upgrades. Also review each server's logs and user accounts for changes around the time of the attack: a fully patched server can still be compromised through a guessed or stolen password.
In the end…
Overall, this post has examined the key components of your IT infrastructure that you need to pay attention to immediately, and take corrective action on, after you have been impacted by a cyber-attack.
These include your wireless devices, your employees' passwords, your network segmentation, and your servers. These are the prime target vectors for the cyber attacker.
Our next post of this multi-part series on the subject will continue to examine what you, the business owner, need to do in the case of a major security breach.
This involves creating a communications plan to alert all relevant parties to what has happened, what has been impacted, and the corrective actions that will be taken to reduce the risk of another cyber-attack occurring.