What happened to me?
At PCA Predict we take our defences pretty seriously. As a company which has a high profile on the internet and many large customers which rely on us to look after their data, we maintain a number of accreditations such as ISO 27001, the data security standard, and have our own team of experts who are permanently on call to deal with potential cyber-attacks.
(1) Prevention is better than cure
Always assume that your systems will be compromised at some point and make sure that you have appropriate defences in place to protect yourself. The minimum first line of defence should be up-to-date antivirus software on each connected device in your business, as well as firewalls to protect your servers. While it is sometimes difficult to lock every device down, there are further “common sense” rules that you can apply, such as severely restricting access to storage devices like USB memory sticks, to limit potential virus entry points or otherwise curb the potential loss of your valuable business data, as attacks can come as easily from within the business as from outside. It is also worth being more sensitive to potential security weaknesses when you are logging into free WiFi zones while out “on the road”, as a relatively easy way for anyone to collect personal login data is to set up their own fake site and capture information that way. Using your phone to create a mobile data hotspot will offer some protection on this front.
(2) Identify the source
(3) Communication after a hack attack is key
Once any affected services are isolated, you can begin to diagnose the impact of the attack. Most services will have a log that you can query to find any actions that were taken on that account. In Gmail, for example, you can see any mail messages sent along with the recipients. You can then use this to draw up a list of affected parties to send a response to. The standard attack, such as the one that I suffered, is usually a so-called phishing attack, where the aim is to steal login details by assuming the identity of a trusted person and persuading the victim to do something that they would not otherwise do, such as downloading a file containing a piece of malware. So it’s worth sending out a warning as soon as you can to anyone you suspect may have been affected to ensure they don’t open any infected attachments.
(4) Lock ‘em up
Once the initial incident is under control, you’ll need to secure any affected accounts. Make sure to change the passwords on these and, to be safe, on any other accounts the user accesses. Use strong passwords and, most importantly, ensure that two-factor authentication is in place for all services that allow it. This requires a user to enter a second code to log in, typically from an app or message, and makes it far harder to attack an account.
(5) Education, education, education
Even with all of the above, some breaking threats will make it through, so your strongest asset for dealing with attacks will always be your end users. Hold regular training sessions and ensure that the users are trained to diagnose potential threats and react accordingly. Follow all of these points and you’ll be in a good place for dealing with the threat of hack attacks as they arise.
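Step (3) above, as an added example that is not part of the original article: a short Python script that reads a sent-mail log exported as CSV and lists everyone the compromised account mailed during the attack window, putting recipients who were sent an attachment first. The column names (`sent_at`, `to`, `cc`, `has_attachment`), the sample rows, the domain and the window times are all constructed for illustration and do not reflect any particular mail provider's export format.

```python
import csv
import io
from datetime import datetime
from email.utils import getaddresses

# Constructed sample export; column names are assumptions, not a provider format.
SAMPLE_LOG = """sent_at,to,cc,subject,has_attachment
2024-03-04T08:55:00,alice@example.com,,Weekly report,no
2024-03-04T09:12:00,"Bob <bob@partner.example>, carol@example.com",,Invoice,yes
2024-03-04T09:13:00,BOB@partner.example,dave@supplier.example,Invoice,yes
2024-03-04T09:20:00,erin@example.com,,Please review,no
2024-03-04T11:30:00,frank@example.com,,Lunch?,no
"""

def affected_recipients(log_text, start, end, own_domain):
    """Return {address: info} for everyone mailed from the account in [start, end]."""
    affected = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        sent = datetime.fromisoformat(row["sent_at"])
        if not (start <= sent <= end):
            continue  # sent outside the compromise window
        fields = [row[c] for c in ("to", "cc") if row[c].strip()]
        for _name, addr in getaddresses(fields):  # handles "Name <addr>" and lists
            addr = addr.strip().lower()  # so BOB@... and bob@... count once
            if not addr:
                continue
            info = affected.setdefault(addr, {
                "internal": addr.endswith("@" + own_domain),
                "got_attachment": False,
                "messages": 0,
            })
            info["messages"] += 1
            info["got_attachment"] |= row["has_attachment"].strip().lower() == "yes"
    return affected

def warning_order(affected):
    """Recipients who were sent an attachment first, then the rest, alphabetically."""
    return sorted(affected, key=lambda a: (not affected[a]["got_attachment"], a))

if __name__ == "__main__":
    window = (datetime(2024, 3, 4, 9, 0), datetime(2024, 3, 4, 10, 0))
    hits = affected_recipients(SAMPLE_LOG, *window, own_domain="example.com")
    for addr in warning_order(hits):
        print(addr, hits[addr])
```

The `internal` flag separates colleagues, who can be warned through internal channels, from external contacts who need a direct message.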