What to do if you’re breached


Rule number one, don’t panic.  You aren’t alone, you aren’t the first, and you won’t be the last.  Data breaches happen.  Just ask companies such as Target or Neiman Marcus.  Or the super-secret United States National Security Agency.

On a small scale, if you have a computer you suspect is compromised with malware, run it through a series of full scans using at least two credible antivirus tools.  Sophos is at the top of the Infrasupport credibility list.  MalwareBytes and AVG Free are also excellent free tools to deploy on individual PCs in an emergency.  Scan, clean anything the scan uncovers, reboot, launch web browsers, and repeat.  Continue until all scans from all tools are clean at least three times in a row after a fresh reboot and after launching and shutting down web browsers.  Do this over a few days and be sure to update all scanning tools immediately before each scan.
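One way to keep track of that stopping rule across several days is to log every scan and let a script decide when the count restarts.  The Python below is an added example, not an Infrasupport tool; the record fields, the reading of "a few days" as at least two distinct dates, and the sample log are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

CLEAN_STREAK = 3   # page: clean "at least three times in a row"
MIN_TOOLS = 2      # page: "at least two credible antivirus tools"
MIN_DAYS = 2       # assumption: one reading of "over a few days"

@dataclass
class Scan:
    day: date
    tool: str
    detections: int
    updated: bool = True      # signatures updated immediately before the scan
    post_reboot: bool = True  # fresh reboot, browsers launched and closed first

def stop_rule_met(scans, tools):
    """Evaluate a chronological scan log; return (ok, reasons_not_ok)."""
    tail = []  # qualifying clean scans since the most recent reset
    for s in scans:
        if s.detections or not (s.updated and s.post_reboot):
            tail = []  # a hit by any tool, or a skipped step, restarts the count
        else:
            tail.append(s)
    reasons = []
    if len(set(tools)) < MIN_TOOLS:
        reasons.append(f"only {len(set(tools))} tool(s) in use, need {MIN_TOOLS}")
    for tool in sorted(set(tools)):
        n = sum(1 for s in tail if s.tool == tool)
        if n < CLEAN_STREAK:
            reasons.append(f"{tool}: {n}/{CLEAN_STREAK} clean scans since last reset")
    if len({s.day for s in tail}) < MIN_DAYS:
        reasons.append(f"clean scans span fewer than {MIN_DAYS} days")
    return (not reasons, reasons)

# Constructed sample log (not real scan output).
TOOLS = ["Sophos", "MalwareBytes"]
d = lambda n: date(2024, 3, n)
SAMPLE = [
    Scan(d(1), "Sophos", 2), Scan(d(1), "MalwareBytes", 1),
    Scan(d(1), "Sophos", 0), Scan(d(1), "MalwareBytes", 0),
    Scan(d(2), "Sophos", 0), Scan(d(2), "MalwareBytes", 1),  # late hit: restart
    Scan(d(2), "Sophos", 0), Scan(d(2), "MalwareBytes", 0),
    Scan(d(3), "Sophos", 0), Scan(d(3), "MalwareBytes", 0),
]

if __name__ == "__main__":
    ok, why = stop_rule_met(SAMPLE, TOOLS)
    print("stop rule met" if ok else "keep scanning:", why)
```

A detection by either tool discards the clean scans every tool logged before it, which is why the sample log is still two scans per tool short after three days.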

Note that automated virus scans may not catch all malware because all scanners use signatures to find known malware.  The malware producers, of course, know this, so they constantly change their poison, trying to stay one step ahead of the scanners.  If you’re hit with a new piece of malware not yet identified, your automated scanner may not be able to find it.  So be on the lookout for strange behavior or mysterious packets leaking from your network, even after an infected system scans clean.

On a larger scale, if you have sensitive data you suspect has been compromised or stolen, please please please inform your affected customers or stakeholders.  This is the law in some states and plain good practice everywhere.  Here is a blog entry about how careless security practices and bungled handling of an incident hurt the 2008 Norm Coleman for Minnesota Senate campaign.  Here is another blog entry with comments about how to properly deal with security vulnerabilities from different points of view.  It’s a big deal and how you handle these situations can have a material effect on your organization’s future.

If you suspect an IT security issue, please please please contact a professional to help deal with it.  These issues are always sensitive and always urgent, and if handled improperly can create even more serious issues.

Contact us for more.