There are three certain things in this life: death, taxes, and hacking. If you’re lucky enough to have avoided the hacking aspect of that so far, don’t get too comfortable. While there are plenty of “surefire” ways to prevent hacking, the truth is, it’s unstoppable, inevitable, and it’s probably going to happen to you. Even NIST agrees.
Taking the proper security measures to prevent hacking is the first step, but attackers are persistent, and they will get through. That by no means implies security should be ignored, but those efforts mean little if you’re not also prepared for what to do after you’re hacked.
Quick question: why do companies pay hackers when they take over their systems and networks? Because they have no other choice. The companies that pay out are forced to, because the hacker has all the control. Being prepared for that situation, however, puts you one step ahead in the hacking game.
1. Understand Your Systems Like the Back of Your Mouse
According to NIST, the first step in preparing for the aftermath is to have a “good understanding of the system boundaries.” In other words, coming back from a hack starts with understanding your own systems.
If you don’t fully understand your systems, and the extent of power a hacker could have over them, you’ll never be sure you have completely regained control. If a hacker has found systems you’re not familiar with, he or she can stay in power in those systems, locking you out until you give in to their demands. Only when you understand your systems like the back of your hand can you be certain a hacking presence has been removed.
2. Be Prepared With the Past
Chances are you don’t have a DeLorean and flux capacitor ready, so how are you going to get that old data back after a hack? The answer is in the backup system.
A hacker only has power over an organization so long as they hold its systems, and they primarily want those systems for the data stored on them. If you have control over that data in backups, the hacker loses their leverage. Additionally, if the hacker is one of those folks who just want to watch the world burn, once the damage is done you still have the most important thing of all: your data.
Backups need to be more intensive than the iCloud backup your iPhone does once a month. Databases and files need to be individually backed up, and most importantly the data needs to be backed up to a secure location. Your efforts will be in vain if you take the time to back everything up, only to have it sit on the same server that’s been hacked.
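The three backup conditions above (each database and file set backed up individually, a copy kept off the server that could be hacked, and backups more frequent than monthly) can be checked automatically. The following is an added example, not part of the original article; the hostnames, asset names, dates, and the one-day freshness threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample inventory: hostnames, asset names and dates are placeholders.
PROD_HOST = "web01.example.internal"
ASSETS = ["db:customers", "db:orders", "files:/var/www/uploads"]
BACKUPS = [
    {"asset": "db:customers", "dest_host": "vault.example.internal", "taken": "2024-05-01T02:00:00"},
    {"asset": "db:orders", "dest_host": "web01.example.internal", "taken": "2024-05-01T02:05:00"},
    {"asset": "db:customers", "dest_host": "vault.example.internal", "taken": "2024-03-20T02:00:00"},
]

def audit_backups(assets, backups, prod_host, now, max_age=timedelta(days=1)):
    """Return a sorted list of (asset, problem) findings; empty means all checks pass."""
    findings = []
    for asset in assets:
        # Every database or file set must have its own backup records.
        records = [b for b in backups if b["asset"] == asset]
        if not records:
            findings.append((asset, "no individual backup"))
            continue
        # Only copies stored off the production host survive its compromise.
        offhost = [b for b in records if b["dest_host"].lower() != prod_host.lower()]
        if not offhost:
            findings.append((asset, "only stored on the production host"))
            continue
        # The newest off-host copy decides how much data a restore would lose.
        newest = max(datetime.fromisoformat(b["taken"]) for b in offhost)
        if now - newest > max_age:
            findings.append((asset, "newest off-host copy is stale"))
    return sorted(findings)

if __name__ == "__main__":
    for asset, problem in audit_backups(ASSETS, BACKUPS, PROD_HOST, datetime(2024, 5, 1, 12, 0)):
        print(f"{asset}: {problem}")
```

Run against a real backup catalogue on a schedule, any non-empty result is something to fix before an incident rather than during one.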
3. Have a Playbook Handy
Having systems in place for the post-hack-apocalypse is only going to be as useful as how effectively you implement them in your recovery, which is what’s going to get you back on track. Typical recovery steps include scanning for viruses, changing all FTP passwords, deleting all files (since they could still be infected), then restoring from a backup, changing each user password along the way.
The exact steps your organization writes into its post-hack planning document will differ depending on the scope and type of hack, and on what your organization does. Having a playbook handy beforehand, however, will make this process more productive and get you back online sooner than you would imagine.
A professional IT consultant can assist you with any and all of these steps, and can be the most effective way to ensure your systems will recover from a hack. When it comes to getting hacked, preparation is key, not only in security, but in what you’ll do after the inevitable happens.