Cybersecurity Breach Response: What You Need to Know
Breach Response
This list is our standard operating procedure (SOP) for reclaiming accounts that have been hacked on the Microsoft Cloud platform. If you are using an alternative platform, such as Google, some information may not apply. We can take no responsibility for any loss of data if you follow these steps.
Triage the Event
Device Checklist
- Ensure your device has up-to-date antivirus software running.
- Ensure your device is using a supported operating system.
- Review the current accounts on the device. Remove any unused accounts.
- Failing to do this may compromise the next steps to regain your account.
Account Checklist
- Perform a password reset on the account. Create a complex password with a minimum length of 12 characters. This must contain upper and lower case letters and special characters.
- Set up Multifactor Authentication on the account.
- Log back in to the account securely.
Checklist
- Review the logon activity of your account. Make a note of when suspicious logon attempts occurred, including times and dates.
- Review the Rules settings in Outlook. Some hacks involve creating additional email rules to hide malicious activity.
- Check your data to ensure this has not been moved or deleted.
- Review any audit logs to uncover the scope of an attack.
- Review mail logs and look for suspicious activity around the times logon attempts were made.
- Completing the steps above will give you a clearer picture of the scope of an account breach.
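Added example (not part of the original SOP): a small triage helper that flags inbox rules able to hide or leak mail and lists mail events close to the suspicious logon times you noted. The data is constructed, and the field names, OWN_DOMAIN, the folder list and the one-hour window are assumptions to adapt to your own exports.

```python
from datetime import datetime, timedelta

# Constructed sample data, not from a real tenant. Field names are assumptions
# modelled on an exported inbox-rule list and a mail log export.
OWN_DOMAIN = "example.org"
SUSPICIOUS_LOGONS = [datetime(2024, 5, 3, 2, 14)]  # times noted during logon review
RULES = [
    {"name": "Newsletters", "forward_to": [], "delete": False, "move_to": "Newsletters"},
    {"name": ".", "forward_to": ["drop@example.net"], "delete": False, "move_to": None},
    {"name": "..", "forward_to": [], "delete": True, "move_to": None},
    {"name": "inv", "forward_to": [], "delete": False, "move_to": "RSS Feeds"},
]
MAIL_LOG = [
    {"time": datetime(2024, 5, 2, 9, 0), "event": "send", "recipients": 1},
    {"time": datetime(2024, 5, 3, 2, 20), "event": "send", "recipients": 40},
    {"time": datetime(2024, 5, 3, 2, 50), "event": "send", "recipients": 2},
    {"time": datetime(2024, 5, 3, 11, 0), "event": "send", "recipients": 1},
]
# Folders a user rarely opens; mail moved here is effectively hidden (assumed list).
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history", "deleted items"}

def flag_rules(rules, own_domain):
    """Return (rule name, reasons) for rules that could hide or leak mail."""
    findings = []
    for r in rules:
        reasons = []
        external = [a for a in r["forward_to"] if not a.lower().endswith("@" + own_domain)]
        if external:
            reasons.append("forwards externally: " + ", ".join(external))
        if r["delete"]:
            reasons.append("deletes messages")
        if (r["move_to"] or "").lower() in HIDING_FOLDERS:
            reasons.append("moves mail to rarely read folder: " + r["move_to"])
        if reasons:
            findings.append((r["name"], reasons))
    return findings

def mail_near_logons(mail_log, logons, window=timedelta(hours=1)):
    """Return mail events within `window` either side of any suspicious logon."""
    return [m for m in mail_log if any(abs(m["time"] - t) <= window for t in logons)]

if __name__ == "__main__":
    for name, reasons in flag_rules(RULES, OWN_DOMAIN):
        print(f"RULE {name!r}: {'; '.join(reasons)}")
    for m in mail_near_logons(MAIL_LOG, SUSPICIOUS_LOGONS):
        print(f"MAIL {m['time']:%Y-%m-%d %H:%M} {m['event']} to {m['recipients']} recipient(s)")
```

Any rule it flags should be recorded with the rest of your notes before it is removed, so the scope of the breach can still be established.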
Checklist
- Check other accounts that use the same email address. Change the passwords, ensuring each account uses a different password and meets a minimum complexity.
- If you have any concerns about financial fraud, contact your bank. For peace of mind, look to freeze accounts in the short term.
- Check to see if your account details are on the Dark Web. Have a look at Have I Been Pwned.
Never try to hide an account attack. Reporting attacks may stop others from being a victim. As a business, you are responsible for your data and any potential fines issued by the ICO.
Business Checklist.
- Ensure other staff inside your organisation are aware of an attack.
- Report the breach to your IT Support provider. Your support should be able to provide an express insight into the event.
- Depending on the scope of a breach, if personal records have been stolen this may need reporting to the ICO.
- You have 72 hours to report a breach to the ICO. If you don't, you could be fined.
- You may need to inform your customers of a data breach. Consider the timing and the channels used for the update.
- As a victim, consider contacting Action Fraud to report the crime.
End User Checklist.
- As a victim, consider contacting Action Fraud to report the crime.
- Consider reporting the scams to the government website.
Consider the following.
- Review your antivirus solution.
- Look externally for Cybersecurity As A Service.
- Review your current IT Support vendor. If you have been compromised, you may not have the right protection.
- Review your business policies.
- Change your policies to reflect the lessons learnt and ensure staff sign to acknowledge the policy update.
- If you are using the M365 platform, align with an MSP that can monitor account activity.
- Utilise a local password manager tool. We recommend KeePass, a free password manager that runs on your local machine.
- Make connections with your local IT Support companies. Find out what services they can provide in the event you experience a repeat attack.
Consider the following.
- If you have been a victim of a cybersecurity attack, you are more likely to be targeted by other scammers. You need to remain vigilant.
- Keep up to date with cybersecurity training to enable you to spot suspicious events. Have a look at our selection of Cyber Awareness Channel.
- Set up notifications on the Have I Been Pwned website.
In today’s digital age, cybersecurity breaches are an ever-present threat, and understanding how to identify and respond to them is crucial. If you suspect that you have been hacked, it’s essential to act swiftly to mitigate the damage and protect your sensitive information. By following the steps outlined in this guide, you can regain control of your accounts, secure your data, and prevent future breaches. Remember to stay vigilant, regularly update your security measures, and educate yourself on the latest cybersecurity practices. Protecting your digital life is an ongoing process, and being proactive is the best defense against cyber threats.
Resolving a cybersecurity issue can be time-consuming. Having the right protection in place before a breach could save you time and money. On average the cost of resolving an issue is around £1,200. Our proactive support starts at £11 PCM.
If you need further assistance or have any questions, don’t hesitate to reach out to our team at IT Lifeline. We’re here to help you navigate the complexities of cybersecurity and ensure your online safety.
As always stay safe online.