You need a plan of action in the event of a malware infection. What measures should an organization take to prepare?
It is a good habit to always approach a virus infection or network threat in a predefined, organized manner. Once an infection or attack is suspected, the resolution should ideally consist of 5 steps:
For an in-depth description of each of these, follow the 5 steps of virus removal.
To make sure the Emergency Containment Plan is executed as efficiently as possible in the event of an infection, you need to understand your environment well. Follow these tips to be prepared ahead of an incident.
Understanding Network Topology
Fundamental to containing a virus infection is understanding the topology of your network. As a preliminary action, create a map, or use a map that you currently have, to section off your network client systems in a way that will allow you to systematically isolate and clean the computers in each section before reconnecting them to your local network. Your map should contain the following information:
Understanding Security Solutions
In addition to understanding your network topology, you need to understand how anti-virus and security products are implemented to protect your network and distribute virus definitions and security updates. Consider the following information:
Understanding Backup Solutions
It is imperative that you have critical system information backed up. In the event of a catastrophic virus infection, it may be necessary to restore servers and clients to be sure that your network has not been compromised. Having a backup plan in place with procedures to back up and restore critical systems is essential.