We've produced a document to provide help and guidance in the event of a cyber attack.  The document is part of our Information and Cyber Security Best Practice Area and covers:

This document gives a list of who to contact and what to do just after a cyber attack.  It covers:

• Containing the Infection
• Communicating
• Assessing
• Incident Response Team
• Forensic Analysis
• Remediation
• Data Recovery and Restoration
• Legal and Regulatory Compliance
• Learning from the Incident

It also includes a Data Breach Assessment Matrix to help you understand which personal data categories have been breached, so you can assess the risk to data subjects.

The document may be particularly useful for schools or organisations where there is not a resident IT professional available.

The document is downloadable:  document What to do immediately after a Cyber Attack (58 KB)

What to do in an attack:

Tell someone!  Report to IT. Report to SLT. 

Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off.

If you are a victim of a ransomware attack we would recommend reporting this to Action Fraud: https://www.actionfraud.police.uk/ as well as your data protection officer so they can advise about the data loss.  Most cyber crimes like these will also need to be reported to the ICO by your data protection officer.

Isolate the infected device and pass to IT 

Always ensure there are backups you can restore from.

Little Guide to ACTION FRAUD

Remember – ‘Hackers don’t break in they login’!