|When you get attacked|
|Cut off the source of attack and any routes a virus may take out of the network.
||It's important to stop the flood of viruses inward, but also to ensure that a virus that has got in cannot replicate itself across the network and/or outside.|
|If you suspect that the virus is percolating through your network, segment it by disconnecting switches and routers where appropriate.
||It's important to confine the virus to as small an area as possible.|
|Inform the business of the situation to whatever extent is possible.
||If you don't, the phone won't stop ringing, but of course if your email server is infected it may be impossible to inform everyone quickly.|
|Ensure your AV toolkit has the appropriate cleansing capability for the virus you're infected with.
||The virus may have crept in between AV updates.|
|If a special disinfecting tool needs to be downloaded, do so via the computer you know to be clean.
||Some viruses can only be removed via separately downloaded tools, not by the standard AV system.|
|Before disinfecting machines, ensure that you apply appropriate protection to prevent re-infection, including updating your AV signature files.
||Note that if the virus is brand new, you may have to wait for the AV agencies to put out a patch, during which time you may have to keep some systems disconnected.|
|Starting with central components such as servers, clean and double-check the cleanliness of each system. Keep 'clean' and 'dirty' systems separate and assume everything to be 'dirty' unless proven clean. Connect systems back up only when they are known to be clean.
||Once you have disinfected an area, you don't want to re-infect anything in this area.|
|Once everything is clean, verify that the source of attack is no longer a threat.
||Have you protected yourself against the problem, or has the attack simply gone away, to bite again tomorrow?|
|Inform staff and management when systems are running normally; if some systems have to stay out of commission, make this known and report as you re-commission services.
||80 percent of the customer experience is down to users and management feeling that they are being kept informed about what's going on.|