Last week, we discussed a disaster classification system and what might happen if someone launched an unsupported rumor about hacking your company’s data. But what happens if the threat becomes real? In these instances, there may be no actual data loss, but such an attack can be a disaster all the same.
Once an attack is launched against your organization, there are two things that must be done in every case: deal with the attack itself, and then deal with the aftermath. First things first: no matter what causes the attack or what type of attack it is, you will need to stop it from getting any further than it already has, which requires fast action on your part.
Virus attacks, intruders and other types of Level 2 disasters are extremely difficult to deal with. Generally, you can prepare for them only by implementing proper security measures and by using penetration-testing tools, but when these disasters strike, they do so, by their very nature, through the method you least expect. For virus attacks, immediate quarantine is necessary both for the infected files and for the infected server systems themselves. Failure to move quickly to stop the spread of the infection leads to more and more damage as the minutes tick by. This may mean suspending e-mail service, locking out file servers, or taking other actions that interrupt production for your end users, but in the end it means saving the remainder of your data from the fate of the data already under attack.
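The file-level half of that quarantine step, as an added example that is not part of the original column: it moves each suspect file out of reach, strips its permissions, and writes a manifest entry with the file's SHA-256 so the sample can later be analysed, reported or restored. The quarantine directory, the fake share path and the sample bytes are all constructed for the demo.

```python
"""Quarantine suspect files during a malware incident.

Added example, not part of the original article. It uses only the Python
standard library and assumes a local directory that acts as the quarantine
store. A quarantined file is moved (not copied) out of its original location,
so nothing can open or execute it by the old path, stripped of all
permissions, and logged in a manifest with its SHA-256 so it can later be
analysed, reported or restored.
"""
import hashlib
import json
import os
import shutil
import tempfile
import time
from pathlib import Path
from typing import List, Optional

# Constructed sample content standing in for an infected file; not real malware.
SAMPLE_BYTES = b"MZ constructed sample for the quarantine example"
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_BYTES).hexdigest()


def sha256_of(path: Path) -> str:
    """Hash the file in chunks so large binaries do not exhaust memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def quarantine_file(src: Path, qdir: Path) -> dict:
    """Move src into qdir, drop its permissions, append a manifest entry and return it."""
    qdir.mkdir(parents=True, exist_ok=True)
    digest = sha256_of(src)
    # Name the stored copy by digest so identical samples collapse into one file.
    dest = qdir / f"{digest}.quarantined"
    entry = {
        "original_path": str(src.resolve()),
        "sha256": digest,
        "size": src.stat().st_size,
        "quarantined_at": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "quarantine_path": str(dest),
    }
    if dest.exists():
        src.unlink()  # an identical sample is already held; drop the duplicate
    else:
        shutil.move(str(src), str(dest))
        os.chmod(dest, 0)  # no read or execute bits until someone deliberately restores them
    # One JSON object per line: easy to append to and to hand to management or insurers.
    with (qdir / "manifest.jsonl").open("a", encoding="utf-8") as fh:
        fh.write(json.dumps(entry) + "\n")
    return entry


def load_manifest(qdir: Path) -> List[dict]:
    """Read back every manifest entry written so far."""
    manifest = qdir / "manifest.jsonl"
    if not manifest.exists():
        return []
    return [json.loads(line) for line in manifest.read_text(encoding="utf-8").splitlines() if line]


def demo(workdir: Optional[Path] = None) -> dict:
    """Plant the constructed sample in a fake share, quarantine it, and report the outcome."""
    workdir = workdir or Path(tempfile.mkdtemp(prefix="quarantine-demo-"))
    suspect = workdir / "shared" / "invoice.exe"  # constructed path
    suspect.parent.mkdir(parents=True, exist_ok=True)
    suspect.write_bytes(SAMPLE_BYTES)
    entry = quarantine_file(suspect, workdir / "quarantine")
    return {
        "entry": entry,
        "original_gone": not suspect.exists(),
        "stored_exists": Path(entry["quarantine_path"]).exists(),
        "manifest_count": len(load_manifest(workdir / "quarantine")),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Moving rather than copying matters: a copy leaves the original file openable (and, for a worm, still spreading) while the manifest claims it is contained. Hashing before the move also gives a stable identifier to quote in the incident record even if the quarantined copy is later deleted.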
For network intrusions, not only do you have to quarantine the affected systems, but you also have to find the security hole the intruder used. This must be done quickly, and a patch must be found immediately to make sure others don’t come in the same way. With intruders, since the attack was against your systems specifically, you may also want to attempt to find out who the intruder is, if you have the time and the proper equipment to do so.
After you have dealt with the original attack, your next steps are to salvage as much data as you can and to take preventive measures to make sure the same attack doesn’t occur again. This could mean anything from running anti-virus tools to performing extensive analysis to determine what data an intruder viewed. Document everything methodically and completely; insurance carriers and your company’s management will be looking for this information in the aftermath. Testing with variations of the same attack, changing virus-protection schemes, and similar strategies help to make sure you don’t fall prey to a simple variation of the method someone has already used against you.
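One way to make that documentation stand up to later scrutiny, as an added example that is not part of the original column: an incident record in which each entry is chained to the SHA-256 of the one before it, so that a quiet edit to any entry after the fact is detectable. The timeline, incident identifier and host names below are constructed placeholders.

```python
"""Tamper-evident incident record.

Added example, not part of the original article. Every entry (who did what,
to which system, when) is chained to the SHA-256 of the entry before it, so
an edit made later to any entry breaks verification of everything after it.
The timeline below is constructed, and the host names are placeholders.
"""
import hashlib
import json
from typing import List, Tuple

GENESIS = "0" * 64  # hash used as "previous" for the first entry


def entry_hash(prev_hash: str, record: dict) -> str:
    # Canonical JSON (sorted keys, no whitespace) so the digest is reproducible.
    payload = prev_hash + json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class IncidentLog:
    def __init__(self, incident_id: str):
        self.incident_id = incident_id
        self.entries: List[dict] = []  # each: {"seq", "prev", "record", "hash"}

    def record(self, actor: str, action: str, target: str, detail: str, ts: int) -> dict:
        """Append one action to the chain and return the stored entry."""
        rec = {
            "incident": self.incident_id,
            "ts": ts,  # Unix time supplied by the caller so records are reproducible
            "actor": actor,
            "action": action,
            "target": target,
            "detail": detail,
        }
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        block = {"seq": len(self.entries), "prev": prev, "record": rec, "hash": entry_hash(prev, rec)}
        self.entries.append(block)
        return block

    def verify(self) -> Tuple[bool, int]:
        """Return (True, -1) if the chain is intact, else (False, index of first bad entry)."""
        prev = GENESIS
        for i, block in enumerate(self.entries):
            if block["prev"] != prev or block["hash"] != entry_hash(prev, block["record"]):
                return False, i
            prev = block["hash"]
        return True, -1

    def export(self) -> str:
        """Serialise the chain for the post-incident report."""
        return json.dumps(self.entries, indent=2, sort_keys=True)


def sample_incident() -> IncidentLog:
    """Constructed timeline following the containment-then-aftermath sequence described above."""
    log = IncidentLog("INC-EXAMPLE-001")  # placeholder identifier
    t0 = 1_700_000_000
    log.record("oncall", "quarantine-host", "fileserver-01.example", "switch port disabled", t0)
    log.record("oncall", "suspend-service", "mail.example", "SMTP relay paused to halt spread", t0 + 120)
    log.record("analyst", "identify-entry-point", "web-01.example", "entry point recorded here (placeholder)", t0 + 1800)
    log.record("analyst", "patch", "web-01.example", "fix applied (placeholder)", t0 + 5400)
    log.record("analyst", "restore", "fileserver-01.example", "share restored from last clean backup", t0 + 9000)
    log.record("analyst", "verify", "web-01.example", "re-tested with variations of the original attack", t0 + 12000)
    return log


def tamper_demo() -> Tuple[bool, int]:
    """Show that a later edit to entry 2 is caught by verification."""
    log = sample_incident()
    log.entries[2]["record"]["detail"] = "no entry point found"
    return log.verify()


if __name__ == "__main__":
    log = sample_incident()
    print(log.export())
    print("intact:", log.verify(), "after tampering:", tamper_demo())
```

The chain only proves that nobody altered entries after they were written; it does not prove the entries were true when written, so the exported record should be copied off the affected systems (and ideally its final hash noted somewhere separate) as soon as containment is done.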
Level 2 disasters often don’t cause downtime on their own. However, dealing with their aftermath can mean cutting off vital systems in order to save the rest of your organization. Decisions about how you will react will absolutely affect your end users, and therefore must be part of your disaster recovery planning well before an attack actually strikes your enterprise.