Someone is being “hacked” every 39 seconds.
The point is — if you have ever been hacked or had one of your online accounts compromised, you are not alone. And that sinking feeling you get when you realize you don’t have plan to deal with this kind of situation is something no one should have to deal with alone.
So, how can you recover your accounts and retain your confidence online? In this article, we will give you a first response guide that takes you through the steps to recover from a cyber attack.
Step 1: Change Your Passphrase from a Trusted Device
If you have any reason to believe you have been hacked and your account has been comprised — whether it’s your bank account or yahoo mail — the first step is change your passphrase. Passphrases are more secure and easier to remember than passwords. Use something familiar to you like your favorite song lyrics. The longer, the better! We recommend your passphrase be 12-14 characters or more, making it harder for cyber attackers to break into your account.
Passphrases shouldn’t be shared between accounts. If one of your accounts has been compromised, it’s critical you take a step back and recall everywhere you have used this same password or a variation of it. It’s standard practice for attackers to try a stolen password across multiple online accounts with the victim’s email address. This allows the attacker to gather more information and start a rinse and repeat process.
To be effective, you want to do this from a trusted “clean” device or a device that hasn’t been compromised. We often suggest an iPhone or Android phone. The risk of these devices being compromised is significantly lower than say a Windows 7 machine.
After you change your passphrase, review your account settings to verify nothing has changed or no foreign devices have been added. It’s common for an attacker to add their email account to improve the likelihood of getting back into the account.
Step 2: Tell Your Friends, Family and Contacts You've Been Hacked.
Alert people you communicate with that your account has been hacked and the attacker may send strange messages in your name looking for more victims. Advising your contacts to keep a close eye out is often your only course of defense during the cleanup process.
Telling everyone who could be impacted by this breach is another step in the right direction.
Step 3: Keep Watch of Your Accounts
It’s not unheard of for attackers to leverage access to a seemingly innocent website to gain access to bank accounts or credit accounts. A great resource to find old accounts that may have been effected by data breaches is the website https://haveibeenpwned.com/
In your spare time, visit this site and see if your email address has been observed in any key breaches. If it has, identify the password associated with this account and change it immediately!
Step 4: Scan Your Computer for Viruses & Malware
If you opened a questionable file on your desktop or laptop computer, the sooner you can verify your machine is clean the better. It doesn’t matter, if you device is a Windows or Mac.
Phishing attacks make up for 92% of malware attacks. Specifically, macro-enabled Office documents. These malicious documents are designed to run malicious code in the background and ultimately grant access to the victim’s machine.
It’s often a good idea to run an on-demand scanner once or twice a month just to get a second set of eyes during a security incident. A couple examples of on demand scanners include Malwarebytes and ESET’s online scanner.
Step 5: Enable Two Factor Authentication
It might seem like overkill to some, but two factor authentications (2FA) on every single online account is an absolute must. 2FA usually requires you to acknowledge that you are trying to login on a different device. For example, if you are logging into Facebook with your password, you might get a text with a number combination to verify your identity. 2FA provides an extra layer of security.
If you enable 2FA only one account, make sure it is your bank account.
Trust an Expert to Help You Recover from a Cyber Attack
This first response guide will allow you to take back control of your accounts in a reasonable timeframe and reduce the risk of having your accounts being compromised in the future.
Experts estimate by 2023 cybercriminals will steal 33 billion dollars from businesses. Is your business prepared for a large cyber attack?
Learn more with this article: 5 Reasons It Might Be Time to Outsource Your IT with a Managed Service Provider