Skip to content

7 Tips on How to Recover From a Cyber Attack

July 26, 2019

We’ve all seen those Hollywood movie scenes where a cyber attack happens and utter panic ensues.

There’s feverish typing, a series of hectic phone calls, and computer screens going black.

In real life, things look a lot different. In fact, it may be days, weeks, or even months until you realize a cyber security breach has occurred. Once you figure it out, you might be unsure what to do next. We asked seven people who’ve gone through their very own cyber attack and found out the steps they took on the road to recovery.

Steps to recover from a cyber attack

It’s easy to throw your hands in the air and panic after you experience a cyber attack. But before you resort to that, check out what these experts had to say about the steps they took to recover what was lost.

1. Determine what was lost

“The first step you should do after a cyber attack is the most important, and also by far the most overlooked. Sometimes it is pure laziness and other times companies don’t want to face reality, but if you are the subject of a cyber attack you need to determine exactly what information was stolen. The reason for this is because the information stolen directly determines what your next step is.

Think of it as one of those spider charts you see on a detective’s wall when they’re trying to pin down a murder. They’re trying to make a connection with lines and pictures of people. You need to make a similar chart after a cyber attack. You start with whatever was stolen and then make connections and steps from that information. If email addresses were stolen, your flow chart of next steps is going to look extraordinarily different than if social security numbers were stolen.”

- Will Ellis, IT Security Consultant and Founder of Privacy Australia

2. Replace the old with the new

“In the first 3-4 months after a previous company I worked for experienced a cyber attack, we replaced every piece of security technology with new technology and added tools where it was needed to create defense in depth. We concentrated on making the solutions highly integrated, creating wide-ranging viability and alerting, and took advantage of automation. We consciously balanced preventive tools with detective capabilities instead of one or the other.

In my experience, even if you buy all the shiny new technology, but it’s useless without solid processes and controls in both IT and the business. Data breaches and attacks, regardless of if they are from the inside or outside, hinge on the behavior of people. No technology can stop a motivated person with enough time and resources. It can prevent the majority but not plurality.”

- James Sipe, VP of Compliance and IT Security at SparkPost

Recover From a Cyber Attack

3. Stop everything to find the virus

“One of my previous employers experienced a cyber attack and they sprang into action right away. The course of action was to find the virus that someone had downloaded from a phishing email. Every computer was scanned and the internet was shut off all week to ensure the virus didn’t spread or any other malicious emails were sent.

The following week, they were able to get all the computers cleaned so the internet was turned back on. Following the attack, precautions were taken so that no outside emails were allowed in the company's Outlook email server. If any were to come through they would immediately be blocked. The company then made sure to conduct phishing training with mock scams sent to people to teach them not to open unauthorized messages.”

- Becky Beach, Blogger at MomBeach

Related: With so many cyber security threats coming through via email, make sure your company is using the best email security service providers on the market. Check out our list to see what people are saying about these software solutions.

Read reviews of Email Security Service Providers, FREE Learn more →

4. Invest in proper software

“Preparing for an attack starts with assuming an employee will introduce malware into the network and taking steps to prevent its spread when that happens. It's incredibly hard to prevent employees from making mistakes, which is why organizations need security technologies that prevent ransomware and spyware from spreading once the inevitable happens.”

- Chris Bates, VP of Security Strategy at SentinelOne

5. Make the most of your backups

A few years ago, I fought off a ransomware attack. An email came in to my customer’s employee, claiming to come from a trusted source. The employee opened the attachment and unwittingly launched a malicious program that scrambled many of the organization’s files.

This happens to people every day and the recovery process doesn’t have to be anything heroic. In this case, I recovered all my customer's scrambled files from the previous day's backups and life went on. Thankfully, they only lost one day of productivity, and so what could have been a disaster turned into an inconvenience. We had a long talk with the employee about the dangers of opening email attachments after that, and reminded everyone else to be careful.”

- Greg Scott, Author of Bullseye Breach: Anatomy of an Electronic Break-In

Get 50+ cyber security resources, FREE.    Get my resources →

6. Keep the virus from spreading

“Due to the advancement of technology the cyber attack is the most common thing occurring in our day-to-day life. One must take some of the steps once the cyber attack has been performed. The first thing is to disconnect the internet, remove remote access, change the settings for the firewall, and update the credentials of the affected system/account which may prevent future attacks.

It’s also important to keep an eye on the affected system and make sure that it doesn't continue spreading. When it is affected by the commercial level, notify all your staff and customers about the attack and help them to take the necessary measures which can save them for the cyber attack. You can take legal action towards the attack by reporting to the cybercrime department.”

- Aashka Patel, Data Research Analyst at Moon Technolabs

7. Secure your passwords

“My company recently encountered an unusual scam with a hacker. We offer payouts to our customers and send checks to them, and the hackers were using customer information to set up accounts on eTrade and other online investment websites. They were also sending almost $5,000 at a time to their accounts.

The first step we did to stop the hackers and rectify the situation was, not only work with Bank of America to reverse the charges, but also set up multi-factor authentication and use an extremely secure and strong password. As an additional defense, we are using LastPass to keep internal passwords private.”

- Jack Wight, CEO of Buy Back Boss

Related: Interested in using LastPass? Find out what your peers had to say and read their reviews on this password management software.

Browse LastPass user reviews →

Take a deep breath

A cyber attack can happen to anyone, so before you reach full panic mode, see if these seven tips from those who have already been through it can help you recover. Remember: you’re not alone, and whether you’re a victim of an insider threat or identity theft, know what you can do to maximize your recovery efforts.

Share your knowledge!

Help others within your industry and grow your personal brand by contributing to the G2 Learning Hub! Signing up takes just a few seconds and soon you can be like one of these 7 professionals who share their expertise in sales, marketing, or business development with over 1 million monthly readers.

Learn more →

Never miss a post.

Subscribe to keep your fingers on the tech pulse.

By submitting this form, you are agreeing to receive marketing communications from G2.