Overview of the Last Blog

Our last blog examined some of the various steps that your business or corporation can take to recover from a large-scale Phishing attack.  In this blog, we continue with this theme.

The Process of Recovering from a Phishing Attack - Continued

  1. Remediation:

This is deemed to be one of the most critical phases, as this is where the damage of the Phishing attack will be contained.  This will involve the following:

  • After determining who the impacted employees are, immediately change their usernames and passwords;
  • After determining the impacted points in the IT Infrastructure, also immediately change the login credentials of the people who have access to those particular resources;
  • If the impacted points include Smartphones, immediately execute the “Remote Wipe” command on those affected Smartphones, so that any sort of sensitive information/data that resides on them is deleted and cannot be accessed.  In these instances, have your employees return the affected Smartphones, and issue new ones with new usernames and passwords;
  • Continue to monitor all systems within your IT Infrastructure and all User Accounts for any misuse, or for any unusual anomalies that may be occurring.  If any of these are happening, you may want to consider shutting down those systems in order to conduct a more detailed investigation into what is happening.  But this should be done with careful planning, as it could cause downtime in normal business operations.
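As an added illustration of the monitoring step above (example code written for this post, not part of the original), the following Python script runs two simple account-misuse checks over a handful of constructed authentication log lines: a burst of failed logins followed by a success on the same account, and one account logging in from several distinct source addresses within a short window. The log format, the thresholds and the time windows are assumptions; adapt them to whatever your authentication system actually records.

```python
"""Flag user accounts showing unusual login activity in a constructed auth log.

Two indicators a defender can start with after a phishing incident:
  * a burst of failed logins followed by a success (credentials being guessed or replayed)
  * one account logging in from many distinct source addresses in a short window
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real system); format is
# "<ISO timestamp> <user> <source IP> <SUCCESS|FAIL>", an assumed layout.
SAMPLE_LOG = """\
2024-03-01T08:02:11 alice 10.0.0.5 SUCCESS
2024-03-01T08:05:40 bob 10.0.0.9 SUCCESS
2024-03-01T08:10:01 carol 203.0.113.7 FAIL
2024-03-01T08:10:05 carol 203.0.113.7 FAIL
2024-03-01T08:10:09 carol 203.0.113.7 FAIL
2024-03-01T08:10:13 carol 203.0.113.7 FAIL
2024-03-01T08:10:20 carol 203.0.113.7 SUCCESS
2024-03-01T08:15:00 dave 10.0.0.12 SUCCESS
2024-03-01T08:20:00 dave 198.51.100.4 SUCCESS
2024-03-01T08:25:00 dave 192.0.2.33 SUCCESS
2024-03-01T09:00:00 alice 10.0.0.5 SUCCESS
"""


def parse_log(text):
    """Turn the raw log text into (timestamp, user, source, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, result = line.split()
        events.append((datetime.fromisoformat(ts), user, src, result))
    return events


def find_brute_force_success(events, max_fails=3, window=timedelta(minutes=5)):
    """Users with at least max_fails failures inside `window` before a success."""
    flagged = set()
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev[1]].append(ev)
    for user, evs in by_user.items():
        evs.sort()
        for i, (ts, _, _, result) in enumerate(evs):
            if result != "SUCCESS":
                continue
            fails = sum(1 for t, _, _, r in evs[:i] if r == "FAIL" and ts - t <= window)
            if fails >= max_fails:
                flagged.add(user)
    return flagged


def find_multi_source_logins(events, max_sources=2, window=timedelta(minutes=30)):
    """Users whose successful logins come from more than max_sources addresses inside `window`."""
    flagged = set()
    by_user = defaultdict(list)
    for ts, user, src, result in events:
        if result == "SUCCESS":
            by_user[user].append((ts, src))
    for user, logins in by_user.items():
        logins.sort()
        for i, (ts, _) in enumerate(logins):
            recent = {s for t, s in logins[i:] if t - ts <= window}
            if len(recent) > max_sources:
                flagged.add(user)
                break
    return flagged


def review(text):
    """Run both checks and return the flagged users per indicator."""
    events = parse_log(text)
    return {
        "brute_force_then_success": sorted(find_brute_force_success(events)),
        "many_sources": sorted(find_multi_source_logins(events)),
    }


if __name__ == "__main__":
    for indicator, users in review(SAMPLE_LOG).items():
        print(f"{indicator}: {users or 'none'}")
```

On the constructed sample, `carol` is flagged for four failures followed by a success within seconds, and `dave` for three different source addresses inside half an hour; neither check proves compromise on its own, but both are the kind of anomaly the bullet above says should trigger a closer look before any system is taken offline.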

  2. Risk Avoidance:

Once the damage has been contained and all impacted points within the business or the corporation have been remedied, the final stage is to determine how to avoid this kind of Cyber-attack (or for that matter, any other kind) from happening again.  Some areas that should be considered are as follows:

  • Consider hiring an outside Cybersecurity firm to assist you in conducting a deep analysis of what really transpired.  They can offer solutions that are specific to your situation, and even conduct various Penetration Testing techniques to determine if there are other unknown Security vulnerabilities in your organization.
  • Always make sure that you are on a regular schedule of deploying software upgrades/patches on all of your servers, workstations, and wireless devices.  This includes making sure that the Web browsers across all workstations, wireless devices, and servers are up to date as well as making sure that you are making use of the latest antispyware/antiphishing/antimalware software packages.
  • In a Phishing attack, it is always individuals who are impacted first, and then the IT Infrastructure once the login data has been hijacked by the Cyber attacker.  Therefore, the greatest emphasis must be placed on this area, which is employee awareness.  With this in mind, consider the following:
    • Conduct training programs at regular intervals (at a minimum, once a quarter) with your employees.  Teach them the following:
      • What the signs of a Phishing E-Mail look like, paying careful attention to phony-looking sender names and sender domains, and in particular any misspellings in either the subject line or the content of the E-Mail message.
      • How to determine if a link is malicious, by explaining how to hover over the link in question to see if the domain it actually points to matches the one that is displayed.  If they do not match up, then the link is a malicious one.
      • If they receive an E-Mail or an attachment that they were not expecting, but it comes from somebody they know, to contact that particular sender first to determine if they really sent it or not.  If not, they should be instructed to forward that E-Mail message to the IT Security staff, after which it should be deleted from the inbox.
      • Always instruct them to trust their instincts, and if anything looks suspicious, to report it and, again, delete the message from the inbox.
      • Instruct them how to verify the authenticity of any website that they may use, especially paying attention to the “HTTPS” in the URL bar.
      • Also, instruct them never to click on any kind of pop-up message that they may receive on their work-related devices.
    • At random intervals, have the IT staff send phony Phishing E-Mails to see if employees are picking up what you are teaching them.  If they open that E-Mail message, they should be immediately notified that they fell prey to a Phishing E-Mail and will require further training.
  • Have your IT Staff, especially your Network Administrator, stay on top of the latest Phishing techniques.
  • Install Anti-Phishing toolbars on all servers, workstations, and wireless devices.  These packages check the websites that your employees are visiting against various databases of known Phishing websites.
  • Make sure that your Network Infrastructure is up to date as well, by routinely testing your firewalls, network intrusion detection devices, and routers.  Once again, a Cybersecurity firm can help you establish the appropriate protocols for conducting these tasks.
  • Determine what controls have failed and take the necessary steps to either rectify them or implement new ones instead.
  • Implement a special hotline where employees can get into direct contact with the appropriate IT staff in case they see or witness anything suspicious that is associated with a Phishing attack (of course, they should also be able to report any other Security issues as well).
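The sender and link checks that employees are taught to do by eye above (a sender name that does not fit the sender's domain, a link whose visible text shows a different address than the one it really points to, and a link that is not HTTPS) can also be run automatically over incoming mail, which is roughly what the anti-phishing tooling mentioned earlier does. The following Python script is an added example, not code from the original post: it parses a constructed sample e-mail with the standard library, compares the display name of the sender against an assumed brand-to-domain table, and inspects every link in the HTML body. The sample message, the `EXPECTED_DOMAINS` table and all domain names and addresses in it are constructed for the example.

```python
"""Check an e-mail for the phishing indicators in the training list above:
a sender display name that does not match the sender's domain, links whose
visible text names a different host than the real href, and non-HTTPS links."""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real e-mail); the domains are made up for the example.
SAMPLE_MESSAGE = """\
From: "Example Bank Security" <alerts@examp1e-bank.net>
To: employee@example.com
Subject: Urgent: your acount will be suspended
Content-Type: text/html

<html><body>
<p>Please <a href="http://203.0.113.10/login">https://www.example-bank.com/login</a>
to verify your account.</p>
<p>Questions? Visit <a href="https://www.example-bank.com/help">our help page</a>.</p>
</body></html>
"""

# Assumed table: brand name that may appear in a display name -> the domain that brand really uses.
EXPECTED_DOMAINS = {"Example Bank": "example-bank.com"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Lower-cased host part of a URL; bare domains are treated as http://domain."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def check_message(raw):
    """Return a list of human-readable findings for the given raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Sender display name versus sender domain.
    sender = msg["From"].addresses[0]
    display_name, sender_domain = sender.display_name, sender.domain.lower()
    for brand, legit in EXPECTED_DOMAINS.items():
        if brand.lower() in display_name.lower() and not (
            sender_domain == legit or sender_domain.endswith("." + legit)
        ):
            findings.append(
                f"sender name '{display_name}' but domain '{sender_domain}' (expected {legit})"
            )

    # 2. Links: visible text versus real target, and HTTPS.
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part is not None else ""
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        href_host = _host(href)
        if "." in text and " " not in text:  # visible text looks like a URL or domain
            shown_host = _host(text)
            if shown_host != href_host:
                findings.append(f"link text shows '{shown_host}' but points to '{href_host}'")
        if urlparse(href).scheme != "https":
            findings.append(f"link to '{href_host}' is not HTTPS")
    return findings


if __name__ == "__main__":
    for finding in check_message(SAMPLE_MESSAGE):
        print("-", finding)
```

On the constructed message the script reports three findings: a sender claiming to be the bank from a look-alike domain, a link whose displayed address differs from its real target, and that same link being plain HTTP. The brand table is deliberately tiny; in practice it would be fed from the organisations your employees actually deal with, and the link check is the automated form of the "hover over the link" habit the training list asks employees to build.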