Rebuilding Your Network After a Cyberattack

Modern technology can make our work easier, more efficient, and more productive. We’re seeing new ways of doing work each and every day, but the swift evolution of technology comes with some serious risks, too. We’re seeing more and more companies, big and small, targeted by ransomware attacks.

These attacks can put every single employee and the future of even the strongest organizations at risk. We already talked about the steps to take immediately after the attack, but we want to take it a step further and look at what you must do when rebuilding your network to prevent future incidents.

Review all organizational data policies and procedures

A hole in your system was found and executed for a reason. You’re going to need to take an honest look at your own organization and all of the policies and procedures in place as they relate to data security. You may even want to have a third party look into this, as they will be able to have an unbiased view of your organization.

This step will allow you to better understand the potential loopholes and allow you to close them. Doing this before you rebuild your network may provide a clearer picture of what an optimal and protected network looks like. This process could also include purchasing cyber insurance if your previous policies did not require it.

Implement new security trainings

As you rebuild your network, you’re going to need all employees on board with any changes to the policies and procedures you just reviewed. This comes as part of the rebuilding process because your employees are going to be on the network every day. If you fail to prepare them for best practices, you could risk exposing yourself once again to another attack.

These trainings should cover everything from how to spot spam, how to respond to spam, scenarios in which data and information should and should not be shared, and much more. Every single member of the organization should be responsible and present for training to create a synergized approach to cyberattack prevention.

Create full and incremental backups

Once you’re ready to start rebuilding and you’ve done a full scan of all devices, you should back up any data that is unaffected and necessary for the operation of your company. These backups should take place on isolated devices that can be held off-network to avoid the risk both to those backups and to the company network should any impacted data be missed.

This process should be done in full immediately but should also be set to automatically take place at certain intervals in time. This will allow you to revert back to these backup points should an attack happen in the future.

Be selective in which devices and assets are restored

This one is crucial. When you start the rebuilding process, it’s imperative you don’t put any affected devices or assets back on the network without first doing a thorough wipe and clean of the compromised data. Essentially, all impacted devices and assets should be wiped clean and start from scratch unless the infected files and data can be isolated and wiped themselves.

If you put an infected device back on the network before doing a thorough wipe, you may end up allowing the hackers to get right back into your new network. Very few companies would be able to survive an immediate second attack on their network.

Don’t be afraid to start new

The best way to make sure you don’t place infected devices and assets back on your network is to start new. This will be incredibly expensive, but the cost will be nothing compared to what it would be if you were to face an immediate second attack. This could include getting all new wifi routers and services, new computers, new phones, and even new wiring if the attack compromised the integrity of physical wiring.

At Stolen Asset Recovery Network, we know the pain of companies both big and small who are dealing with these types of attacks. They can be demoralizing, but they don’t have to spell the end of your business. Find a member today and they will help you get back what was stolen from you.

The following two tabs change content below.


STARNet, which is short for Stolen Asset Recovery Network, is a global alliance of independent law firms created to provide financial institutions and governments with multi-disciplinary services across countries and jurisdictions for locating, freezing, and ultimately recovering stolen assets related to cyber heists, fraud or corruption.

Latest posts by STARnet (see all)