Business Continuity: Malicious Downloads, pt. 2

A few weeks ago, we looked at prevention of malicious downloads. Today, I would like to look at some key components to business continuity which, in turn, is a key for your business or organization’s survival should the unthinkable happen. Although we only see the biggest companies on the evening news, the reality is that the vast majority of breaches occur to small- and medium-sized businesses. Let’s dive right and examine what mitigation measures can be taken if a serious breach does occur. (Please note: This is not necessarily a guide or sequential outline of items. Always consult an IT professional if your company or organization has been the victim of a cybercrime.)

For the purposes of this article, we will make a few assumptions:

The breach was severe enough that basic scans and malware removal are not enough to mitigate. This would include, for example, a cryptolocker attack that has infected and encrypted a large multitude of files across vital IT areas.
The attack has ended—the immediate danger of the threat has been neutralized, i.e. the infection has been controlled and removed and there is no danger of re-infection due to isolation or erasure.

Consult Business Continuity and Disaster Recovery Response Plans

The first step in continuing operations is to gather previously prepared plans. These plans include what should happen, when those things should happen, and who is responsible to make them happen.

Change of Account Authentication

A breach means there was a failure in security at some level. While forensic discovery has not occurred yet at this point (and thus method of entry could still be unknown), all passwords allowing access to sensitive hardware, software, or web sites should be assumed compromised and immediately be changed and MFA added wherever possible to increase efficacy of the login authenticity.

Microsoft Office Remediation

Perhaps a most basic remediation strategy will revolve around a recovery of Sharepoint and OneDrive. These systems offer historical recovery up to 30 days for files of individual accounts that were synced to One Drive and Sharepoint. However, this process can be slow and most likely, except for perhaps the smallest businesses, will not offer a sufficient amount of data to avoid a major interruption in productivity.

While this step can help to recover some files, relying solely on default protections from Microsoft is generally a poor business continuity plan and should be avoided as an all-inclusive recovery solution.

Forensic Exploration

A determination should be made as to the method of intrusion. For example, if an account was compromised and lead to the infection, the method of compromise should be found, if possible, to avoid future security breaches. However, while credential compromise is a very common culprit, malicious attacks can be caused by infinite other possibilities including OS vulnerabilities, breaches caused by BYOD policies, or hardware/firmware vulnerabilities (among many others). A forensic IT investigator will often determine the geographic source of the attack, the full nature of the attack, exfiltration information (what the bad actors took with them), and other pertinent details.

Here at Certified CIO, we utilize the services of the experts at SOCLogix for this task. Because their job is much easier if they are already monitoring, we offer customers a monitoring and logging service so that things can get back up even faster.

Backups

If the health of on-site backups is intact, business continuity can start to take shape. Recovery could commence with re-imaging server and other hardware components, as needed. Time and date of breach should be established prior to this to avoid re-creating an already compromised scenario where a backdoor for access could easily still exist for the malicious actor.

Datto and Datto SaaS

Datto is an industry leader in business continuity and for good reason. Datto provides a relatively route to return to productivity by offering server backup solutions that, in some cases, are as easy as flipping a light switch. (Okay…it’s a little more than that. But it is easier and faster than most solutions.)

This product is called SIRIS, can be sized appropriately for your business or organization, and serves to provide one of the industry’s best bets for business continuity. With options to restore file level, image level or spin up a server using only the device, Datto SIRIS gives the most variety of options for recovery and is the gold standard for business continuity.

Another offering for smaller servers is called ALTO, which accomplishes a similar task with a few more steps (but still much faster than many more common solutions).

Datto also offers a SaaS product which is licensed individually, increasing the retention of Microsoft One Drive exponentially.

Dark Web Scanning

After the business is back up and running, many decision makers fall a bit short in maintaining a vigilant outlook. One option to help prop up security lapses is to maintain an automated service that scans Dark Web databases for breaches of individual account credentials. Certified CIO uses ID Agent’s Dark Web Monitoring for this. A discovered exposed credential creates a ticket in our system that requires a password change, removing the exposed password quickly after discovery.

How You Can Increase Your Preparedness

If you’re unsure that your business or organization is adequately prepared to handle an IT emergency situation, CONTACT US and we would love to sit down with you and create a plan! From creating response plans to shoring up cyber defenses, our experts can help you get your IT more productive—and stay more productive.

Tabbie Coulter

great professional service and very timely!! would highly recommend for your IT needs.

Jessie Palma

I love this company. They have soo much talent there and they always fix it so quickly! They are very professional and courteous! I've gotten to know some of them because we treat each other like human beings :) It's like having an extended family.

Fernando Perez

Awesome management! Great company.

Joseph Silbaugh

I needed to add an older laptop to the business account for my use on the road. CIO did everything remotely for me. It made the task so easy. They updated everything, added my office 365, my 3 emails and checked everything. Great job, quick and efficiently no stress. I recommend them highly

Kay Westerhold

Always a quick response. Issue solved and can continue on with the task every time. Great job CCIO!!

Bill Fissell

The service was prompt, friendly and knowledgeable. Could not ask for more than that.

Kevin Slack

Upgraded our router with Comcast. It did not go smoothly until Steve Plumlee got involved and got everything working well. When Steve is working on our IT issues, they get resolved. Amen.

Hickory Falls Family Entertainment Center

Thanks for going more in-depth with your engineers and investigating solutions and resolving some of our email challenges.

Bill Moorman

Certified CIO is a smart, professional and friendly team of engineers to work with. I am a bright person but computers can make me feel incompetent. The team at Certified CIO never allows you to feel awkward even asking the most basic questions. You have been a lifeline many times. Thanks for your support.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Better IT for Business. Call Today! (717) 340-6000 (443) 283-0666