Tuesday, February 7, 2012

Emergency! What to do

Okay. The worst has just happened and you think your network has been infected with a virus. The first rule is don't panic! A virus infection has happened to others and was bound to happen to you at some point. Hopefully you anticipated this and have an Emergency Response Team ready to operate. An Emergency Response Team should be part of your Security Policies and is composed of experts who can take over in an emergency.
If you don't have an Emergency Response Team, don't panic! Here's what you do:
1. Identify what infection you have.
You may have to do some research on an anti-virus Web site if your anti-virus program can't specifically identify which virus has entered your system. If your anti-virus program has all of its updates, it should be able to identify the virus. If your anti-virus program has not been updated recently, do that immediately.
2. Locate the source of the infection.
Scan all machines on your network to pinpoint which machines have the infection.
3. Quarantine all infected machines.
Take them off the network so the infection can't spread. That could mean physically unplugging the offending machines from the network or, if the infection is rampant, taking the entire network offline. You don't want to risk infecting others inside or outside of your network.
4. Eliminate or "cure" the infection.
Run your anti-virus program on all infected machines. Sometimes the anti-virus program can't reverse the infection, which means that you'll have to manually disinfect all machines. To manually disinfect a machine, you have to change registry settings or reinstall a portion, if not all, of the operating system. The anti-virus vendor's Web site should have specific disinfection instructions. If there is no information on the Web site, don't hesitate to give them a call.
5. Don't bring the machines or the network back online until you are sure all traces of the virus are gone.
This means scanning all machines AGAIN.
6. Have a staff meeting and tell everyone what happened, why it happened, and what you had to do to fix it.
Make this a "lessons learned" exercise and not a meeting to point fingers and place blame. You may discover a whole bunch of things you did correctly, too. View this as an opportunity to make sure it doesn't happen again.
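
The bookkeeping behind steps 2 through 5, as an added example that is not part of the original post: it classifies every machine from its most recent scan and allows reconnection only when every machine has a clean scan, run with current updates, that is newer than the last detection anywhere on the network. The host names, record fields and status labels are constructed for illustration and do not come from any anti-virus product.

```python
from dataclasses import dataclass

@dataclass
class Scan:
    host: str
    when: int           # minutes since the incident was declared (constructed)
    detections: int     # infected items the scanner reported
    defs_current: bool  # scanner had all of its updates when it ran

def host_status(inventory, scans):
    """Classify each machine in the inventory from its most recent scan."""
    latest = {}
    for s in sorted(scans, key=lambda s: s.when):
        latest[s.host] = s
    # Time of the last detection anywhere on the network. A clean result
    # older than this does not count: step 5 means scanning everything AGAIN.
    last_hit = max((s.when for s in scans if s.detections), default=-1)
    status = {}
    for host in inventory:
        s = latest.get(host)
        if s is None:
            status[host] = "unscanned"          # step 2 not finished
        elif s.detections:
            status[host] = "quarantine"         # steps 3 and 4 apply
        elif not s.defs_current:
            status[host] = "stale-definitions"  # step 1: update, then rescan
        elif s.when <= last_hit:
            status[host] = "needs-rescan"       # clean, but before the last hit
        else:
            status[host] = "clean"
    return status

def may_reconnect(inventory, scans):
    """Step 5 gate: True only when every machine is classified clean."""
    return all(v == "clean" for v in host_status(inventory, scans).values())

# Constructed sample data: four machines and two scanning passes.
INVENTORY = ["pc-01", "pc-02", "pc-03", "srv-01"]
FIRST_PASS = [Scan("pc-01", 10, 0, True), Scan("pc-02", 12, 3, True),
              Scan("pc-03", 15, 0, False)]
SECOND_PASS = FIRST_PASS + [
    Scan("pc-02", 60, 0, True), Scan("pc-01", 65, 0, True),
    Scan("pc-03", 70, 0, True), Scan("srv-01", 72, 0, True)]

if __name__ == "__main__":
    for label, scans in (("first pass", FIRST_PASS), ("second pass", SECOND_PASS)):
        print(label, host_status(INVENTORY, scans), may_reconnect(INVENTORY, scans))
```

Note that a machine missing from the scan results blocks reconnection just as an infected one does, so the inventory list has to be complete.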
