Need specific cyber security advice? Get in touch and we'll help you out.
Contact Us


How well you recover from a cyber attack often hinges on the strength of your backups.

Cleaning a network or system of all traces of malicious code often requires a complete wipe of all storage media and a “clean install.” Therefore, recovery from such a breach may be resource intensive and require careful restoration of data from backups. Remember that backups may also contain malicious code and should be carefully checked for compromise; otherwise, the security breach will be perpetuated after the recovery phase.

To maximise your chances of a swift and complete recovery it is essential to have an appropriate recovery plan in place. Your plan should include:

  • Replacing compromised files with clean versions.
  • Rebuilding infected systems.
  • Removing temporary constraints that were imposed whilst containing the attack.
  • Changing passwords on compromised accounts.
  • Installing patches, changing passwords and tightening network perimeter security.
  • Testing all systems thoroughly – including security controls.
  • Confirming the integrity of business systems and controls.

Conducting an external penetration test of the affected systems after recovery will confirm if systems are operating normally again or not.