Small-business owners: If a hack is in progress, stop what you are doing now and address it. Your professional reputation is on the line, along with the future of your business.
How to Stop the Hack, End the Breach and Eliminate the Threat
- Hire a professional – It is entirely possible the small business was hacked because they did not employ technicians to prevent it in the first place. If you feel out of your depth, contact a professional immediately. IT security professionals specialize in containment. They will find the source of the hack, remove the vulnerability, update hardware and software, and ensure this does not happen again in the future.
- Disconnect every affected device from the Internet temporarily – This will help stop any data from leaving your network and prevent the hacker from compromising additional devices. This may mean disabling internet connections or physically unplugging Internet-connected devices
- Change and reset passwords – Many hacks begin with compromised passwords. The moment a network or device goes back online, the hacker will log back in unless all credentials have been changed and updated.
- Update all software – Begin by scanning all hardware and software with anti-virus programs and removing viruses. Vulnerabilities are often due to outdated software or operating systems riddled with flaws. Updating with critical patches eliminates these threats. You should have backup systems in place for systems that are critical to your daily operations, so that you can still provide services while you address the hack.
- Update your hardware– Outdated hardware simply can’t keep up with the requirements of newer, more robust software or the security software required to keep networks secure. If you must operate legacy hardware, you should take steps to protect it behind a firewall and a Virtual Private Network (VPN), with as few points of online access as possible.
- Back up all of your data – You may not be able to do this in the middle of a hack, particularly if you are a victim of a ransomware attack. All company data should be backed up to a secure location and encrypted.
- Manage all identities – You also must make sure that you are managing identities and access to accounts. You must do this across the board, as just one account being accessed could make you or your network extremely vulnerable. Whenever someone leaves your business, delete all of their access accounts and change passwords for all shared services.
- Use conditional access – Additionally, you should make sure to use conditional access that is based on factors such as location or device.
- Utilize multi-factor authentication – You can use multi-factor authentication on its own, or with other conditional access methods to ensure those who are trying to access your data are legitimate.
- Schedule security awareness training– Assuming employees know what to do and more importantly, what not do, is risky. Provide ongoing security training and “security appreciation training” to partner with employees to protect the network.
- Patch and update – Set up a system so that you can always ensure that your hardware and software is \patched and updated on a regular basis. Use automatic software updates as much as possible. Pick a time every 2 weeks to review software that you cannot auto-update.
- Align your IT security with other business security – Those who are in the IT industry often feel as if they are struggling to keep up with changing technology, including security tech. The success of a business is based on keeping it secure, and keeping all types of security in mind has a direct impact on revenue. Overwhelmed? Consider hiring a Virtual CISO, who will bring executive-level IT security experience to you at a fraction of the executive cost.
Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.