What Should I Do?
- Check with Vendor to find name/type of exploit used i.e. ransomware, website injection, database upload
Do they believe the exploit is fully removed or has been FULLY resolved?
Ask how the attack entered their network (email link, email server, usb stick, file download, web server) - Change all passwords tied to the vendors account. Use strong complex passwords of at 14 characters of upper lower case, numbers, and special characters
- Notify SEO Service Center of the vendor and the problem to help us protect our database
- Notify your staff to be on lookout for bogus emails or hacking emails specifically targeting your intuition, such as bogus director emails or bogus staff emails
- Sure up your own network security by:
- Create a continuity plan for your Library should you become the victim of an information security breach (Cyber incident) or ransomware attack: outline specific steps to be taken and who is responsible for taking the steps
- Make sure all Windows Operating Systems, Firewalls, Switches, Wireless Access Points, and Wireless Devices are updated to the latest Software (OS) patches on a monthly basis
- Make sure all hardware is updated to the latest firmware version (Computer Systems, Servers, Firewall, Switches, Wireless Access Points) on a monthly basis
- Make sure all 3rd party software on workstations or devices is updated with any critical patches i.e. Chrome, Edge, Firefox, Adobe, Office software, and Vendor software
- Require the use of complex passwords that are changed at least every 60 days
- Use Antivirus and Anti-malware software on workstations or servers
- Back up data regularly and double-check that those backups were completed.
- Secure your backups. Make sure they are not connected to the computers and networks they are backing up for the best security
- Set a schedule to look at logs from the Firewall and/or Antivirus software to check for any compromise.