fbpx

Microsoft 365: Hit by a Cyber Attack? Do This Next

Reading Time: 4 minutes This is Part 4 of 4 in our awareness series on Microsoft 365 and cybersecurity for small to medium-sized businesses in South Africa. Read Part 1, Part 2, and Part 3. Malware strikes your business. It’s too late for proactive protection. It’s too late to regret! What now? Time is of the essence to curb […]
part 4 microsoft 365 hit by a cyber attack do this next
12 Jun, 2022
Reading Time: 4 minutes

This is Part 4 of 4 in our awareness series on Microsoft 365 and cybersecurity for small to medium-sized businesses in South Africa. Read Part 1, Part 2, and Part 3.

Malware strikes your business.

It’s too late for proactive protection. It’s too late to regret!

What now?

Time is of the essence to curb further damage to your Microsoft 365 environment, business continuity, reputation, employee morale, and most importantly, bottom line.

Knowing where to start mitigation efforts are essential to avoid panic and confusion at a time of crisis.

In this article, we cover what to do next if malware, such as ransomware, afflicts your business and Microsoft 365 environment. Share this article with your employees and consult senior management to have it worked into your Business Continuity and Disaster Recovery strategy.

Let’s take a look:

Go Offline

When you discover a virus on a device (anything from a laptop to a POS terminal), remove that device from the network immediately in order to isolate the system to prevent malware from infecting other networked systems.

Physically unplug any ethernet cables, remove the SIM, and turn off Wi-Fi connections. If you can’t change the Wi-Fi setting, physically move the device out of range of your network. These steps require basic computer literacy to implement, so all employees should be taught how. Thereafter, employees should contact the IT department urgently.

Disable sync services, such as OneDrive Sync to prevent the system from syncing any infected and/or encrypted files to your company’s OneDrive for Business and other cloud service solutions. Pause the OneDrive sync client on the local device too, if possible.

Related:

Ransomware Attacks in South Africa: What You Need to Know

Restore via Microsoft OneDrive for Business

restore from cloud backup

You may be able to revert to an earlier version of an encrypted file, since MS OneDrive for Business saves file version histories. From a system not affected by a virus, access OneDrive for Business in the browser, select a file, then choose “Version History”.

A list of the saved versions of the file – with modification dates – will display. You can view earlier versions of the file, then choose “Restore” when you find a version not affected by malware.

Choose a file, choose a version, restore. You’re done in a few seconds. Then repeat that process for every file. That can take time – and will not be practical if malware has encrypted hundreds or millions of files across your business. In these cases, opt for a restoration to a previous point in time. This will restore everything back to normal but requires expertise from a qualified MS 365 admin to implement thoroughly and comprehensively, however. (Speak to iSite Computers if you need help).

Finally, know that version history is a setting. It can be turned off. If it had been turned off prior to the cybersecurity incident, this method of data recovery won’t work.

Read More:

Get to Know These 6 Benefits of Microsoft OneDrive for Business

Attempt On-Device Recovery

For specific devices, you may need to recover files that were not saved on the cloud.

Run a complete scan of the system with professional security software. Then, run a complete scan with Microsoft’s Malicious Software Removal Tool, followed by Windows Defender Offline. A combination of the above might be sufficient for recovering files not stored via Microsoft 365.

Restore from Backup

An uninfected copy of your data offers the only real protection from malware. If you know your data is backed up, you can start again: erase your device, re-install your apps, then restore.

iSite Computers deliver cloud recovery services for Microsoft 365 data. You can select a time before your files were locked or corrupted by malware to restore, and iSite Computers can restore your email, files, folders, contacts, and calendar items in their original, un-encrypted formats.

And, since it is in the cloud, you could even switch to a different device, login and restore your data to Microsoft 365 from your snapshots. iSite Computers help you save and secure your data. We setup systems that backs up your data automatically three times a day, and it encrypts your data to protect it. The systems have passed SOC 2 Type II audits, and include several audit logs, internal controls, and monitoring to ensure your data is always available.

Read More:

Backups & Data Protection for SMBs in South Africa – What You Need To Know

Rebuild / Reimage

After you’ve recovered your data, you next need to restore your system to a healthy state.

Often, you’ll do this by restoring a standard image-based backup that contains your operating system and a default set of apps. Most large organizations store a few standard image-based setups to aid speedy recovery.

Summary

This concludes our four-part series on Microsoft 365 and cybersecurity for small to medium-sized businesses in South Africa. In summary:

  • Keep your systems current, leave legacy browsers behind, and patch your systems promptly.
  • Shield your network with filtered DNS, and similarly rely on Microsoft’s SmartScreen to keep employees safe from malicious sites and downloads as they browse the web.
  • With a few tweaks to Microsoft 365 settings, keep harmful attachments out of email and upgrade defence systems overall.

 

And above all: Back up your data.

Rapid recovery of your data, systems, and Microsoft 365 environment is possible after a malware attack… but only if you have a backup.

Ready to Implement These Tactics?

iSite Computers is here to help.

We are an official Microsoft Partner and a managed IT services provider.

We help small to medium-sized businesses in South Africa with everything from setting up and migrating to Microsoft 365, management and maintenance, cybersecurity, backup, and recovery, as well as employee training.

We offer free, no-obligation consultations on Microsoft 365 and more. Book your consult online and we’ll call you back soon – or contact us directly to get started.

Call Isite Computers

Join Our Newsletter

Related Posts

Comments

0 Comments

Submit a Comment

Your email address will not be published.