OH $#!+ roundup: Security management at its worst

January 15, 20183 Minute Read

Select article text below to share directly to Twitter!


We all know the utter panic that lights up at the first sign of intruders in our networks. Realizing the stakes—and extent of the fallout to come—is definitely an “Oh $#!+” moment. Hackers, phishers, and other cybercriminals are lurking around, waiting to pounce and get their mitts on your personal information or KO your business.

The Woerndle brothers can tell you all about it: It took 10 years to build their international business—and only three weeks for hackers to take over and destroy it. Want to avoid the same happening to your business? Our OH $#!+ series on security management and IT security solutions is dedicated to helping you build barriers against cyber attacks. In case you missed them, here are some of the best tips we’ve laid out so far.

OH $#!+: Your website got hacked—now what!?

Do you know what to do when your website gets hacked? Start with these smart steps:

  1. Name that hack. The three most common attacks are ransomware, phishing, and denial of service. Ransomware sends out emails demanding large sums of money, and the hackers can hide your website’s data behind advanced encryption until you pony up the dough. Phishing hooks suckers via tempting emails or phone calls that seem legit, allowing hackers to siphon off authorization info. Once you’ve been fleeced, they can hijack your site and use it in future campaigns. DoS or DDoS attacks choke your website via countless automated hits, which can bring down your entire network.
  2. Quarantine without prejudice. Immediately shut down the compromised server after an attack. Pulling up your disaster recovery site is useless if a phishing attack has stolen your credentials. Likewise, throwing another site up only adds fuel to the fire. It’s better to be overzealous by shutting down rather than keeping sites live and spreading the disease.
  3. Exterminate and restore. After an attack, you need to destroy the threat. Depending on the attack, specific actions can help you get back up and running. When the fire is extinguished, it’s important to learn from the event. What could have been prevented? How could a resolution be more quickly achieved in the future? What can be done to avoid a similar attack in the future?

OH $#!+: Don’t let your employees get hooked by phishing

Phishing attacks are a form of social engineering. Curiously worded messages promise great fortune or spectacular destruction of your personal worth. Someone has carefully picked each word of that alarming email or phone call—supposedly from the “IRS,” for example—to squeeze sensitive information out of you. The game is to deceive you into believing they are who they say they are.

Digital techniques can spread malware throughout entire networks with the single click of an insidious attachment. Don’t be a victim. Check out the three steps we outlined to prevent a Chernobyl-level meltdown—and make sure your employees fully understand what these attacks look like and what to do when they receive one.

Oh $#!+: You’ve been hit by ransomware—now what?

Ransomware encrypts your data so you can’t access it without paying ransom. Your kryptonite here is a simple backup of critical data, which can negate the hacker’s biggest threat. Even better, application whitelisting—the process of creating a software-enforced policy that governs which applications can install, run, communicate, etc. within your network and on your workstations—can be a virtual bouncer against potential attacks.

And one more step: Invest in infrastructure that can monitor itself, like self-healing printers that can detect abnormalities and take themselves offline to perform diagnostics and recovery. The more proactive you and your devices are in constantly scanning the network for risks, the safer you’ll be and the quicker you can react when something goes wrong.

Convinced that cyberstrikes can severely disrupt your business? Click the blue “subscribe” button at the top of the page to make the OH $#!+ series your go-to resource for security management and IT security solutions. Stories will be delivered to your inbox automatically, so you won’t miss out on a single tip.

  • Recommended for you
  • Recommended for You