The NOCout Report 003: I've Been Hacked!

The most difficult aspect of working in IT is not the conspiracy theorists, asking customers if they have rebooted yet, or resetting passwords—it’s witnessing our fellow managed service providers (MSPs) deliver subpar IT solutions. 

Good IT service is about far more than installing antivirus software and transitioning a client to Gmail or Office 365. Unlike law, accounting, or other critical services, the information technology field is virtually unregulated. Anyone who wants to become a “Microsoft Partner” simply pays an annual fee and they’re good to go. This lack of industry guidelines leaves a shiny veneer on poorly constructed services. 

Nowhere is this difference more obvious than in cyberattack response. Too many providers simply reconfigure some settings , replace a few servers and do nothing else to address the real issue that allowed the attack in the first place. 

So, how should you respond to the discovery of ransomware, virus, or a phishing attack? 

We recommend these four steps to recover from a cyberattack. 

1) Immediate reaction: Time is of the essence during an active infiltration! Power down, unplug, and disconnect all of your hardware—from your computers to your servers. The goal here is to contain the breach to the affected hardware and prevent further damage. 

2) Fix the issue: Identify the source of the attack and isolate it from the network. Reset passwords and restore your system from backups. 

3) Never Again: This is the step so often overlooked by subpar MSPs. Analyze your response and implement the policies, training, software, and hardware necessary to prevent such an occurrence from happening again in the future. 

4) Report the Breach: You have a responsibility to report your breach to authorities like the FBI and (depending on your state) possibly even a legal obligation to report to state regulators. If your breach compromised customer or supplier data, you need to let them know as well so that they can take appropriate measures. 

Get in touch with us if you need help responding to a cyberattack—or far better—preventing one from happening in the first place!