In addition to seeking guidance from a data security professional, follow these five steps for quickly responding to and recovering from a network attack.
1. Verify the attack on your network.
2. Contain the damage and preserve your business assets.
Also, you need to identify the exact damage done to individual devices. Compare the configurations and data sets for each compromised computer and server with the last known stable and clean backup for each system.
You need to delete any offensive content that the hacker left on your site or wipe your systems clean of malware, but you also need to preserve evidence of the crime that was committed against your company—a practice recommended by the Anti-Phishing Working Group (APWG). The APWG also recommends making safe copies of the illegal content or unauthorized applications, separate from any systems that could be further damaged by that content. Make sure to check with your company’s legal counsel before doing so. Some content shouldn’t be copied, particularly child pornography, and must be immediately reported to authorities before you proceed with cleaning up those systems.
3. Decide if you need to make a public statement about the incident.
4. Clean up and restore the affected systems.
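
The comparison described under step 2, each compromised system checked against its last known clean backup, can be scripted. The following is an added example, not part of the original article; it assumes the clean backup and a read-only copy of the affected system are both available as directory trees, and the function names and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each regular file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        # Assumption: symlinks are skipped so the walk never leaves the tree.
        if path.is_symlink() or not path.is_file():
            continue
        h = hashlib.sha256()
        with path.open("rb") as fh:  # read-only: evidence is left untouched
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                h.update(chunk)
        digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def compare_to_backup(backup_root, live_root):
    """List files added, removed or modified relative to the clean backup."""
    clean, live = hash_tree(backup_root), hash_tree(live_root)
    return {
        "added": sorted(live.keys() - clean.keys()),
        "removed": sorted(clean.keys() - live.keys()),
        "modified": sorted(p for p in clean.keys() & live.keys()
                           if clean[p] != live[p]),
    }


def demo():
    """Build a constructed backup/live pair and return the comparison."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for root in (backup, live):
            (root / "etc").mkdir(parents=True)
            (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
            (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (backup / "etc" / "motd").write_text("welcome\n")  # missing on live
        (live / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
        (live / "www").mkdir()
        (live / "www" / "unknown.bin").write_bytes(b"\x00\x01")  # not in backup
        return compare_to_backup(backup, live)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The resulting lists show which files need review and which should be copied off as evidence before cleanup; the script itself changes nothing on either tree.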