What immediate action should an SME take to stop a hacker?
What immediate action should an SME take to stop a hacker?

SMEs are a regular target for cyber-criminals, and their websites are commonly hacked to send malware to visitor's machines or to conduct BlackSEO campaigns to increase a page's ranking. Recently we have helped a lot of SMEs deal with ransomware that locks all of the business files on their computers.

It's very important as an SME to be aware of the risks you face, whilst implementing quick and easy protective measures that will make you more secure than the average victim. One key way is to ensure that your main computers are constantly updated with anti-malware, as well as implementing a secure, and moreover mandatory, backup plan.

You should ensure that all employees, not just the IT department, are trained and that web service companies are fully audited on a regular basis. Users can also be extra-protected by controlling their online identities with two-factor authentication schemes.

What you can do about malware on your system the minute you know it's there

It all depends on how quickly it's identified but the automatic response should always be to unplug the server from the network. Once disconnected you can analyse if the server has any key information that is not replicated elsewhere in the company – if it does then that's the problem identified!

If all data is in the backup and there is no software, tools, or information – such as Digital Certificates or software licences - to recover, then the computer should be handed over to a Forensic Analyst. Like any good investigation, the questions “What? Where? When? Why?” are absolutely crucial.

Of course, next steps should be to analyse the rest of the network because the infection could have spread, and you could be facing a much more serious scenario.  If a computer has unique data or unique tools, then the best option is to involve a security professional who can save the data without infecting the rest of the network.

•             What does a good plan of action look like and how should it be implemented?

The primary action plan for any company serious about fighting malware should be to start with ‘hardening' the company. To achieve this, the key questions the organisation needs to ask are:

- What is the data we can't operate without?

- What are the minimum systems we need to continue doing business?

Once identified these should be protected, and kept updated. Any security protection can be constructed based on this, while always keeping data and business integrity front of mind.

Contributed by Chema Alonso, CEO, Telefonica's digital security company Eleven Paths