In my youth (which rather gives you a clue as to my age), there was an amusing sitcom called Dad’s Army, where a rather hapless soldier, called Captain Mainwaring, would often be found running around like the proverbial headless chicken shouting “don’t panic” whenever there was the slightest problem.
For many SMEs, a hack attack makes you feel a bit like this.
You know that you’re under attack, however, you don’t know who the enemy is, where and how they got there or even why they’re doing it. All you know is that they have the capacity to pull down your website, cut off your communication, upset your customers, potentially steal money from you and that you need to deal with the problem immediately.
Unfortunately, however, SMEs don’t generally have the technical resource, knowledge or the experience to cope with being hacked and as a consequence suffer the blind, helpless feeling of panic of our Captain Mainwaring.
What happened to me?
At PCA Predict we take our defences pretty seriously. As a company which has a high profile on the internet and many large customers which rely on us to look after their data, we maintain a number of accreditations such ISO 27001, the data security standard, and have our own team of experts who are permanently on call to deal with potential cyber-attacks.
And yet, in spite of having a platform which is heavily locked down and protected, things still get though such as the recent hack attack on my Gmail account which sent out a message to all of my contacts and was designed to harvest their Gmail addresses and passwords. Luckily, this was just restricted to Gmail and none of our internal systems were breached.
While initially embarrassing for me, we have a standard contingency plan which may be helpful if you find yourself in a similar situation.
(1) Prevention is better than cure
Always assume that your systems will be compromised at some point and make sure that you have appropriate defences in place to protect yourself. The minimum first line of defence should be to have up-to-date antivirus software on each connected device that you have in your business as well as firewalls to protect your servers.
While, it is sometimes difficult to lock every device down, there are further “common sense” rules that you can apply such as severely restricting access to storage devices, such as USB memory sticks, to limit potential virus entry points or to otherwise curb potential loss of your valuable business data. As attacks can easily come from within the business as from outside.
It is also worth being more sensitive to potential security weaknesses when you are logging into free WiFi zones while out “on the road” as a relatively easy way for anyone to collect personal login data is to set up their own fake site and capture information that way. Using your phone to create a mobile data hotspot will offer some protection on this front.
(2) Identify the source
If you think you’ve been a victim of a hack attack, one of the first steps is to identify the source of the issue and which systems are affected. Usually, you’ll be able to find information on any potential attacker in logs of affected services or devices – if you can get the IP address you can do a lookup in the RIPE database to find the origin. You’ll need to isolate any affected services/accounts from the network, in the case of services like Gmail this would mean changing the password and suspending the affected accounts temporarily, to stop any further damage by the attacker.
(3) Communication after a hack attack is key
Once any affected services are isolated you can begin to diagnose the impact of the attack. Most services will have a log that you can query to find any actions that were taken on that account. In Gmail, for example, you can see any mail messages sent along with the recipients. You can then use this to draw up a list of affected parties to send a response to.
The standard attack, such as the one that I suffered, is usually a so-called phishing attack, where the aim is to steal login details by assuming the identity of a trusted person to persuade them to do something that they would not otherwise do, such as downloading a file containing a piece of malware. So it’s worth sending out a warning as soon as you can to anyone you suspect may have been affected to ensure they don’t open any infected attachments.
(4) Lock ‘em up
Once the initial incident is under control, you’ll need to secure any affected accounts. Make sure to change the passwords on these, and also on any other accounts the user accesses to be safe. Use strong passwords and most importantly ensure that two-factor authorisation is in place for all services that allow it. This requires a user to enter a second code to log in, typically from an app or message, and makes it far harder to attack an account.
(5) Education, education, education
Even with all of the above, some breaking threats will make it through, so your strongest asset for dealing with attacks will always be your end users. Hold regular training sessions and ensure that the users are trained to diagnose potential threats, and react accordingly.
Follow all of these points and you’ll be in a good place for dealing with the threat of a back attack as they arise.