What to do in the event of a Cyber Attack

We've produced a document to provide help and guidance in the event of a cyber attack. The document is part of our Information and Cyber Security Best Practice Area.

This document gives a list of who to contact and what to do just after a cyber attack.  It covers:
  • Containing the Infection
  • Communicating
  • Assessing
  • Incident Response Team
  • Forensic Analysis
  • Remediation
  • Data Recovery and Restoration
  • Legal and Regulatory Compliance
  • Learning from the Incident
It also includes a Data Breach Assessment Matrix to help you understand which personal data categories have been breached, so you can assess the risk to data subjects.

The document may be particularly useful for schools or organisations where there is not a resident IT professional available.

The document is downloadable: What to do immediately after a Cyber Attack (58 KB)

What to do in an attack:

Tell someone!  Report to IT. Report to SLT. 

Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off.

If you are a victim of a ransomware attack, we recommend reporting it to Action Fraud (https://www.actionfraud.police.uk/) as well as to your data protection officer, so they can advise about the data loss. Most cyber crimes like these will also need to be reported to the ICO by your data protection officer.

Isolate the infected device and pass it to IT.

Always ensure there are backups you can restore from.

Little Guide to ACTION FRAUD

Remember – ‘Hackers don’t break in, they log in’!