This is a guest post from TechRepublic's Mark Underwood. For more posts like this, see TechRepublic's Five Tips blog.
The moments when malware is rifling through your process table are not conducive to lucid contemplation, but that’s exactly when you must don your First Responder hat. Taking the right steps early on in the infection can save hours of later remediation. These steps may be routine for full time malware warriors, but network security is only one duty among many for the typical SMB network administrator. Here are some tips for minimizing the impact.
Note: These tips are taken from the article Network security: Seven tips for desktop malware first responders.
1: Understand the risks
Obey the First Responder’s Hippocratic Oath: Do no harm. In other words, don’t make things worse. Assess whether the malware needs to be removed immediately or whether a better approach is to shut down the machine and pursue remediation in a controlled environment. Consider what data is at risk of being compromised vs. the current need for the device.
2: Carry a Web-enabled smart phone and carry a big (16GB USB) stick
Pay for that data plan. Get reasonably proficient with a favorite mobile browser. Store bookmarks. Most phones support flash cards on which additional remediation software can be stored. Also consider carrying a hefty USB drive containing your favorite anti-malware utilities, if not a fully bootable OS with security tools on it, such as Slax.
3: Check for broader attack
Determine whether the attack is an ordinary bit of malware visiting your unlucky laptop or a feint: a sequence of attacks designed to exploit the usual remediation steps rather than succeed with the initial infection.
4: Conduct a disaster recovery walk-through
Even if you’re fortunate enough to avoid a data loss on this occasion, it’s still worth exploring the disaster recovery options you might have taken. They may need updating. The experience may also turn up some useful online security Web content, so be sure to update your phone’s bookmarks, too.
5: Review and document
In the military, it’s called “After Action Review,” or AAR. After the malware has been removed and damage corrected, assess which tools were needed and make them more convenient to access. Document what happened. Ensure that your CEO doesn’t encounter the same nuisance just before heading out to testify before a Congressional subcommittee.