Despite all your security efforts hackers can still get the best of you and find a way into your system.
If your computer has been compromised and infected with a virus or malware, you need to take immediate action to keep your files from being destroyed and prevent your computer from being used to attack other computers in the organization. Here are a few of the basic steps you need to perform to get back to normal after you have been hacked.
How was my computer hacked?
Your computer was most likely compromised in one of four ways:
- You do not have up-to-date security software installed.
- Your passwords are weak and easily hacked.
- You clicked on a malicious link in an email, IM conversation, or on a social networking site, or webpage.
- You downloaded an attachment or an item with malicious scripts or files attached.
What to do after you have been hacked
Isolate Your Computer – To cut the connection the hacker is using on your computer, you need to isolate it so it is unable to communicate on the network. Isolation will prevent it from being used to attack other computers as well as preventing the hacker from continuing to be able to obtain files and other information. It may be necessary to pull the network cable out of your PC and turn off the Wi-Fi connection. If you have a laptop, there is often a switch to turn the Wi-Fi off. Do not rely on doing this through software, as the hacker’s malware may tell you something is turned off when, it is actually connected.
Contact IT Support – After you isolate your computer you need to contact your IT support immediately so they can follow their security incident response policy and take appropriate action.
Allow Your IT Support Team to Scan Your Drive for Malware – Most hackers collect passwords using malware that has been installed on your computer (or mobile phone if you have a smartphone). No matter which operating system you use your IT Support team will need to be sure your programs are up to date.
Change Your Password. Do this after your anti-virus and anti-malware programs are updated or the hackers may collect your new password as well.
- Strong passwords do not have to be hard to remember, they just must be hard to guess.
- Make your password at least 10 characters long, and use capital letters, lower case letters, numbers, and symbols.
- Do not use information about yourself or someone close to you (including your dog or cat!) like name, age, or city.
- Do not use words that can be found in a dictionary, these are easy for hackers to break, even if you spell them backward.
- Text messaging shortcuts can help make strong, memorable password creation easier. For example L8rL8rNot2Day! translates to later, later, not today.
- Studies show that the average email account has 130 password-protected accounts linked to it, so it’s no wonder passwords often aren’t as secure as they should be. A password manager can help you keep them in order and encrypted.
Now that the security incident has been handled properly its time to make sure you have Prevention methods in place to avoid being a victim of a cyber incident again.
Consider adopting two-factor authentication. Many email providers offer two-factor authentication (2FA) as an additional security measure. This method requires both a password and some other form of identification, such as a biometric or a mobile phone number, to access an account.
Smarten up about spam, phishing, and scams. Spam comes at us from all angles; in the mailbox in front of your home (junk mail) in your email inbox, via IM, social networking sites, chats, forums, websites, and sadly, now also on your phone. Now more than ever, it is important to be on the lookout for phishing scams.
With the current landscape of COVID-19 fraudsters are using the pandemic as a scare tactic to get sensitive information. Watch for fake websites imitating Health Canada, and unsolicited text messages and emails.
No reputable bank or company is ever going to ask you to ’authenticate’ information online. And if you get an email with a link to one of these sites, don’t use it; instead, use your search engine to find the site yourself, and then log in. If the message was legitimate, the message will be waiting for you in your account.
Validate the legitimacy of any program, file, app or video before downloading it. If the content is pirated, free, or comes to you anonymously, assume it has malware. Often corporate systems have the ability to catch malicious files before they reach your inbox however each security system is different and as the user you are the last line of defence. Be skeptical of any unsolicited email with an attachment and when in doubt, report the content to your IT department.
Work with a provider to make sure you have procedures, policies, technology, and tools in place to work together to create a total cybersecurity framework. Ensuring your account is protected should be a top priority. Having a proactive monitoring solution and a team for emergencies are two strategies that will help minimize damage and recover compromised systems. If you’ve been hacked and are unsure what to do next, let us know and we’ll work with you to create a strategy to protect your business.
Are you looking for additional support and a strategic plan to protect your firm? Let us know, and together we’ll build a plan to secure your data.