While there is plenty of advice available about what to do to prepare for a cyber attack and how to shape your security to minimise the risk of a data breach, what do you do if you realise that you may have already fallen foul of malicious activity?
Becoming the victim of a hack is increasingly common, but that doesn’t mean that victims suffer any less worry and confusion. This article offers some advice on what to do if it looks like the worst has happened, including how to minimise the damage and how to prevent future breaches.
Changing passwords
If you suspect a breach, don’t wait for ransomware to lock you out of your system. Where there are red flags, decisive action will help to minimise the damage.
One of the simplest methods hackers use to get access to accounts and networks is also one of the easiest to prevent. Most people have email addresses that are regularly handed out. If this is coupled with a weak password, such as ‘password’ or ‘123456’, your account is like a door left on the latch, and requires minimal effort for a hacker to gain access to. “Credential stuffing“ is rife, with 90% of online retail login activity thought to be hackers trying their luck.
If you have been hacked, chances are it’s due to a weak password and so one of your first steps should be to replace all passwords with secure alternatives. As well as complexity, the key to an effective secure password is to ensure they are not reused on multiple accounts, not matter how convenient this might be.
A simple solution to managing all of these new complex passwords is to use a password manager. These are tools that can remember all of your passwords (and many also help to generate new, complex passwords) meaning you will only need to remember one password rather than dozens. Better yet, you could also opt to sign in using biometrics on your mobile devices.
Monitoring accounts
Attacks will rarely stop at one account. If they have had some success, hackers intent on identity theft will likely try to gain control of other accounts. An attack on one area should always be considered a signal to double-check the security of others. This includes checking your email to make sure it isn’t being used to forward information, and ensuring that social media accounts are not being used to contact people you follow.
Even if you have lost control of an account, it can still be recovered. For many major accounts, such as those held by Google, Facebook, Twitter or Apple, there are account recovery tools or processes that will help you to regain control by proving your identity.
It isn’t just email and social media accounts that need to be checked, however. If your details have been collected there is a possibility they will be used to try and make unauthorised purchases using your bank account or credit card. So, keep a close eye on your transactions and make sure that you contact your bank swiftly if you spot any unauthorised purchases.
Revoke third-party app permissions
It may be increasingly common and would definitely have been convenient at the time, but signing up for apps or tools using your Google or Facebook credentials is a shortcut that is often not worth taking. Not only could hackers gain access to these accounts, but they could create new accounts without your knowledge, which they would retain control of even if you change your passwords.
If you have been breached, it’s important to remove the permission for every app you have connected to using this sign in method, and they should only be reinstated when you are sure that your accounts are secure.
Wiping devices and restoring from backups
If it looks as though you have suffered an attack, the safest step is to assume that your devices have been compromised and to run antivirus and malware scanners across your network to make sure there are no nasty surprises waiting for you.
If the scan results reveal that your devices have indeed been compromised, the best course of action is to wipe your hard drive, reinstall the operating system and restore your sensitive data from a backup. In most cases, keeping a regularly updated backup is as important a step in seeking to protect against threats as strong passwords and antivirus software.
For example, a device that is infected with malware may have its contents held hostage until a fee is paid, which might sound disastrous, but with a backup in place, the only inconvenience would be the few hours it would take to wipe the device and restore your sensitive data from a backup.
Prevent future breaches
Knowing what to do if you suspect a breach has occurred is vitally important, but hopefully, you are not yet in that position. To make sure that your data is not compromised, the best step is to create new practices. There is no setup that will guarantee 100% protection and assuming hackers are always getting smarter, you should be motivated to continue to monitor and improve your security tools and best practices.
Keeping software up to date and implementing strong passwords are good steps, but additional measures like a VPN, which will improve the anonymity of your online activity and offer end-to-end data encryption, can help to bridge any gaps in your existing security measures.
While you will certainly be an advocate of best practices after recovering from an attack, the best way to prevent future breaches is to tell others about it. Simply by sharing your experiences with friends and colleagues, you will make the threat of an attack feel tangible and real.
By shattering the complacency that comes with breaches becoming a daily occurrence, more people will improve their own security and, in turn, make the hacker’s life as difficult as possible.
Terry Hearn is a researcher and copywriter, working for a number of international cybersecurity brands. His professional work covers topics from consumer tech to business data protection, and outside of the office, he sidelines in covering the latest sporting news.
