What to do if you think you’ve been hacked


In April 2019 the National Cyber Security Centre (NCSC) published its first UK Cyber Survey which revealed that 42% of Brits expect to lose money to online fraud. Falling victim to hackers can have a devastating effect on your business so it’s important that you and your employees are prepared and know exactly what to do if it is suspected that your systems have been hacked.

If you believe any of your accounts have been compromised you should take action immediately and follow these steps:

Contact your IT Support Team

If your business is covered under an IT support contract or you have an internal IT department, tell them that you suspect your account has been hacked. They will have procedures to follow in the event of suspected breaches. If you do not have IT security support in place then you should:

1. Perform antivirus scans on your devices

Ensure your antivirus software is up to date and perform an antivirus scan on all of your devices. Many breaches occur through malicious software being installed via drive-by downloads or by opening malicious attachments in email.

2. Change your passwords

Change your passwords for any online accounts you may have (do this from a different trusted PC/device). This includes email accounts, social media pages (such as Facebook, Twitter and LinkedIn), online shopping accounts (e.g. eBay and Amazon) and payment gateways (such as PayPal).

The NCSC UK Cyber Survey found that 23.2 million victim accounts worldwide used 123456 as a password! You should always ensure that every password that you use is unique and not easy to guess – this will help to mitigate the scale of a compromise.

3. Enable Two-Factor or Multi-Factor Authentication (2FA/MFA)

This is an authentication method whereby the user is only allowed access after successfully giving two or more pieces of evidence to confirm their identity, for example their mother’s maiden name or place of birth. Enabling 2FA, or MFA, offers a second tier of protection for your account. Even if your password is discovered, a hacker would still need the code provided by your second authentication method to get to your data.

2FA (together with using unique passwords) will help to protect you against hackers using ‘credential stuffing’ techniques. This type of cyberattack is one of the top threats to web and mobile applications because of the sheer volume of accounts involved. It usually consists of large lists of email addresses and/or usernames, along with the associated passwords, being used to hack into user accounts. This usually happens as a result of a data breach and can be devastating for businesses that fall prey to this type of attack, not least because of the huge reputational risk that comes with it.

4. Check your accounts

Many malicious actors will leave back-door methods to enable them to continue to access your information even if you have realised you have been hacked and already changed your details.

The key things to check are:

• Make sure no unknown email forwarding has been set up on your account(s)
• Check your email account(s) sent folder – while some malicious users would delete the contents here, some may not
• Make sure your email address hasn’t been changed on any sites that you usually log into online
• Check that the details in your ‘forgotten password’ sections haven’t been changed (e.g. phone numbers, secret questions, date of birth)

5. Notify third parties

While it may seem like a daunting task, if your account has been hacked, we would recommend informing third parties associated with your account/business. This will ensure they can react appropriately and with caution to potentially malicious emails from your account.

As of 25 May 2018, the General Data Protection Regulation (GDPR) introduced a responsibility for businesses to report certain types of data breaches to the Information Commissioner’s Office. To check if your incident qualifies you can go here: https://ico.org.uk/for-organisations/report-a-breach/
