What To Do In The First Few Minutes Of A Cyber Attack

Shakhawat Hossain - 0xShakhawat
May 11, 2022

1. The employee who encounters the threat first needs to alert the IT and management teams.

When an employee notices something irregular on their computer, they need to notify the IT team immediately. It doesn’t matter if it turns out to be a false alarm: if something is out of the ordinary, the techs need to know. Hackers and threat actors sometimes keep their attacks under the radar so they can steal data unnoticed. No one should dismiss an irregularity.

2. IT staff must disconnect the computer from the network and start documentation of the infection.

Once the tech team identifies the compromised computer, they need to remove it from the network immediately. They should start by unplugging the LAN cables and move to contain the threat inside the unit. Aside from containing the threat, they will need to check nearby units for infection.

3. The company should check their backups in the cloud.

A member of the IT team needs to check the existing backups and make sure they are not compromised in any way. Intact backups ensure the continuity of business operations after the attack is over and the team has contained the bad actors.
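One way to carry out this backup check, as an added example that is not part of the original article: it assumes a SHA-256 manifest in `sha256sum` format was recorded before the incident and kept away from the backups themselves. The function names and sample file names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash in 1 MiB chunks so large archives are never loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Read sha256sum-style lines: '<hex digest>  <relative path>'."""
    entries = {}
    for line in (raw.strip() for raw in text.splitlines()):
        if line and not line.startswith("#"):
            digest, name = line.split(None, 1)
            entries[name.lstrip("*")] = digest.lower()
    return entries

def verify_backups(backup_dir, manifest_text):
    """Compare backup_dir with a manifest that was stored off the backup host."""
    root, expected = Path(backup_dir), parse_manifest(manifest_text)
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for name, digest in sorted(expected.items()):
        path = root / name
        # missing: deleted or renamed; modified: content differs from the record
        status = ("missing" if not path.is_file()
                  else "ok" if sha256_file(path) == digest else "modified")
        report[status].append(name)
    on_disk = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    report["unexpected"] = sorted(on_disk - set(expected))  # files nobody recorded
    return report

def demo():
    """Constructed sample: three recorded backups; one altered, one removed, one added."""
    names = ("db.dump", "files.tar", "mail.pst")
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for n in names:
            (root / n).write_bytes(n.encode() * 100)
        manifest = "\n".join(f"{sha256_file(root / n)}  {n}" for n in names)
        (root / "files.tar").write_bytes(b"altered after the manifest")
        (root / "mail.pst").unlink()
        (root / "note.txt").write_text("not recorded")
        return verify_backups(root, manifest)

if __name__ == "__main__":
    print(demo())
```

Any entry under `modified`, `missing` or `unexpected` means that backup set should be treated as suspect until it has been examined.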

4. The IT team on-site should start implementing cyber security protocols.

If the company has a cyber security response plan, it should contain rules and procedures for handling the first minutes after a cyber-attack is discovered. If the incident response team is not yet on site, the first responders should start implementing what’s stated in the plan. If the plan calls for the scene of the cybercrime to be cordoned off, the IT team should preserve the integrity of that particular part of the network.

5. The IT team should alert the employees and educate them about the attack or infection.

The company should immediately inform its affected employees about the cyber-attack. Human error can be the root cause of a breach, and it can also worsen a crisis. Employees need to learn how to act in such a situation in order to minimize and prevent further damage. For example, if the source of the threat is a phishing email, IT staff should immediately tell employees not to click on or open that particular message, so that the malware does not spread to more computers.

6. Use security systems to track potential malicious assets.

Companies with security operations centers or blended solutions like Comodo Endpoint Security should use their resources to make sure the threat is controlled. As we have previously mentioned, re-infection can still happen, and it’s best that all traces of malware or security vulnerabilities be controlled as soon as the issue stabilizes.