What To Do If You've Been Hacked: An In-Depth Guide
Table of Contents
Table of Contents
- Immediate Steps To Take If You've Been Hacked
- Hacks: Identify and Respond
- Cyberattacks: Identify and Prevent
- How to Report a Cyberattack
- How to Prevent Cyberattacks
- Conclusion
Falling victim to cybercrime - at work or home - seems to be something many of us have accepted as part of everyday life.
Unfortunately, our digital data has value, which makes us targets. Hackers can use this data themselves or sell it to third parties. For businesses, hackers may target business data, employee data, and customer data, which raises the stakes significantly.
At the same time that our lives are increasingly spent online, cyberattacks are becoming harder to detect. This means the danger of becoming a victim is greater than ever.
Falling victim to cybercrime can be scary and embarrassing. Victims of cybercrime instantly blame themselves and may feel too ashamed to tell anyone. But it's important to remember that falling victim is not your fault and to act quickly if you do. Failing to take immediate and appropriate action can have substantial costs.
This guide will explain what to do if you've been the victim of a hack and how to identify and prevent cyberattacks. We'll also explain how to report attacks, provide suggestions on improving your security infrastructure, and provide helpful resources for individuals and businesses concerned about cybercrime.
Immediate Steps to Take If You've Been Hacked
1. Update Compromised Usernames and Passwords
The first thing to do is to change all of your usernames and passwords. This is especially important for those that have been a victim of fraud.
This can be a tedious task. Using a password manager makes it easier. Password managers, like TeamPassword, can store all of your private and shared logins in one secure location.
When working through your logins, prioritize accounts that have been directly compromised. You can use tools like ';--have i been pwned? to check whether your email address or phone number has been compromised.
Recovering from an attack can take time, so secure the most critical accounts first. Your email account is a good place to start, as well as any online accounts with saved payment details.
(JComp/FreePik) Alt Text: Graphic of a police officer chasing a cybercriminal after a cyberattack
2. Set Up 2-Factor Authentication
2-Factor Authentication can be set up on most accounts. For information on how to set up 2FA, search for the name of the account and "2FA" or contact the platform's customer support. Here are links for directions on how to set up 2FA for Google, Microsoft, and Apple accounts.
Authenticator apps make receiving 2FA easier and more secure. Once you have the app on your mobile device, simply scan the QR codes for the accounts you want to use 2FA for in order to sync the app to the accounts. Then, you will receive 2FA codes to the app rather than by email or SMS, making it more difficult for cybercriminals to intercept. A few popular authenticator apps include Authy and Google Authenticator.
3. Quickly Investigate the Cause and Scope of the Hack
It is important to quickly identify the cause of the hack so that you know what further steps need to be taken. This should be a focused investigation. Identify what has been hacked, how the hack happened, and the general scope (i.e. how many users or accounts have been affected).
Use the information on hacks and cyberattacks in this guide to help you identify whether your accounts or devices have been hacked and what kind of cyberattack was used by the cybercriminal to gain access.
4. Inform Others
Hackers gain access to new victims through previous attacks, so let as many people know as you can. And as quickly as you can. That way, there's less chance of others falling into the trap.
For Individuals
Individuals should notify the following people as soon as possible:
- Contact lists (on social media, phone, email, etc.)
- Employers and HR (if it's a business account)
-
If you’re an employee that has been responsible for a breach, know that you’re not alone. Act quickly to mitigate damage.
-
- The attacked platform provider (social media platforms, Amazon, Email etc.)
For Companies
Business owners that fall victim may feel angry and paranoid. How much data has been compromised? What will our customers think? How much will this cost? How will we regain the trust of our customers? Who's to blame? These are all valid questions. However, it’s important to remain focused on damage control and preventative measures in the aftermath to minimize the harm and prevent future attacks. But you do need to inform others.
Staff perceived to be responsible for the breach will have concerns about their job security and the reaction of their peers. It's important to be aware of that as you investigate the cause of the hack.
Companies need to act fast to ensure customer data stays confidential:
- Employees should be notified to prevent individuals from being victimized.
- Vendors and clients should keep an eye on suspicious emails.
- Investors will need to be informed. Unfortunately, they may want to remove their investment if they deem the risk too high. Being able to explain what happened, what data was compromised, and how it has been resolved is a great way to win their confidence and keep their investment. It might be worth hiring a professional IT security company to conduct an audit after an attack.
- Customers should be notified as soon as possible. Companies need to prepare for customers who want to leave the business due to security concerns. Transparency goes a long way to maintaining customer trust. Don't hide the hack. Instead, explain what happened in terms your customers will understand and describe the steps you've taken to protect their data.
(JComp/FreePik) Alt Text: A graphic in which a cybercriminal is hacking into a computer to gain access to personal files, leading the victim to wonder, 'Have I been hacked?'
How to Identify and Respond to the Five Most Common Hacks
A hack refers to the unauthorized use or access of another person's account or device. This might be your email, access to your phone, or access to an entire system or drive of data that they can hold for ransom.
The hack is the act, whereas the cyberattack is the method used to gain entry.
Victims often become aware of a cyberattack when they try to access their account and realize they can't get in. Or they notice something seems "off" with the account. It’s then, upon the discovery of a hack, that immediate steps need to be taken to minimize the damage.
Below is a breakdown of the five most common targets cybercriminals hack into. Later, we review the four most common cyberattack techniques used to hack into accounts and devices.
See Also: Have I Been Hacked? How To Know For Sure
1. Email Hacking / Business Email Compromised (BEC)
Being a victim of an email cyberattack can be incredibly damaging: once hackers have access to your email, they can see what sites you're subscribed to. They’ll then try and gain access to any of those sites where it’s likely they can find personal information to mine.
Signs Your Email Has Been Hacked:
- You can't access your emails, and it says the password isn't correct.
- You're no longer seeing unread emails in your inbox.
- There are emails in your sent box or outbox (that you haven't written).
- You're receiving password reset emails from websites you're subscribed to.
- You've received a login attempt email from a different location or IP address.
- Friends and family have received suspicious emails from your account.
How Hackers Gain Access to Your Email Account
There are three main ways your email could be hacked:
- Phishing emails (Spam-like emails that impersonate legitimate companies. Read more)
- Brute force (Trying a bunch of password combinations to crack your login. Read more)
- Man in the middle (Hijacking personal information through a 'middleman' network like a fake public hotspot. Read more)
All these attacks aim to get personal information from you so passwords and logins can be accessed.
How to Recover a Hacked Email Account
- Change the password immediately if you can still get into your email account. (Don't just add a 1 or ! to the end!)
- Check your recovery information. Recovery options help you regain access if an attack happens again.
- Tell your email contact list about the attack, so they know to be on high alert.
- Set up security questions on your account.
- Ensure no unusual email addresses appear in the admin section of your account.
- Make sure your email password isn't the same as all your other accounts (we've all duplicated a password once or twice...).
- Set up Multi-Factor Authentication or 2-Step Authentication (MFA). Multi-Factor Authentication is when you use more than one step to access your accounts. Rather than relying on your password to keep your accounts safe, additional measures like FaceID or having codes sent to confirm your identity make your login more secure.
Additional Steps for Businesses
- Organize cybersecurity training for all staff. Cybersecurity training shows your team how to make their logins more secure and gives them the tools and knowledge to help them identify threats.
- Write up a report on the attack to help the team identify possible threats in the future.
- Hire an IT firm to monitor your network's cybersecurity. (Ask your IT firm to install antivirus software, turn on firewalls, set up an email scanner, etc.)
2. Computer Hacking
Cybercriminals might go further than hacking into your email account. They might attempt to lock you out of your computer entirely.
For businesses, this is particularly dangerous, as confidential information is now at risk.
Computer hacking is hard to spot, but if something feels wrong, it probably is.
Signs Your Computer Has Been Hacked
- If your computer has significantly slowed down, something might be lurking in the background. However, there are plenty of reasons computers slow down. So it's best to do a quick system check to try and identify the probable cause.
- Someone (or something) has disabled your security software.
- Pop-ups are appearing on your system.
- There's software installed and browser add-ons you didn't set up yourself.
- Your system randomly shuts down or restarts itself.
- You can't access your login account.
How Computer Hacking Happens
- Malware (Hard to detect software installed onto your system. Read more)
- Phishing (Spam-like emails that impersonate legitimate companies. Read more)
How to Recover from a Computer Hack
Follow similar steps as if your email had been hacked, and take these extra precautions:
- Change all your passwords.
- Double-check your recovery settings.
- Set up security questions for your login.
- Make sure your email account isn't compromised.
- Set up 2-Step Authentication (especially if it's a business computer).
- Install security software and run a malware check. Examples: MalwareBytes, AVGAntiVirus (if you're a business, consult your IT department first).
- Restore your computer from a recent backup.
Additional Steps for Businesses
- Make sure everyone knows about the attack.
- Work with IT to isolate the infected site or program (that way, you won't lose your entire network).
- Use a monitoring system like Pulseway to identify where the attack happened.
- Report the data breach (see below).
- Create a report of the attack that includes how it happened, how it was managed, and how to improve security so it doesn't happen again.
- Hire an IT firm.
- Organize cybersecurity training.
3. Cloud Storage Hacking
Cloud storage hacking is relatively new. With so many of us snapping daily pics of our dogs, food, strange spots we've found on our leg, and heaven knows what else, most of us have some content stored in the cloud.
Remote companies are especially susceptible to cloud storage hacks because they likely use Dropbox, Google Drive, OneDrive, or another cloud storage provider to share files across their network.
How To Know if Your Cloud Storage Has Been Hacked
- There's uploaded content you don't recognize.
- You can't log into the account.
- Files are missing.
- You've received a security alert about the account being accessed from another location.
- Your contacts are receiving emails from you with suspicious files or links attached.
How Cloud Storage Hacking Happens
- Phishing (Spam-like emails that impersonate legitimate companies. Read more)
- Man-in-the-Middle (Hijacking personal information through a 'middleman' network like a fake public hotspot. Read more)
- Brute Force (Trying a bunch of password combinations to crack your login. Read more)
Cloud storage hacks are usually a byproduct of another attack - for example, a computer or email account hack. This is why making sure your passwords are unique is crucial!
How to Recover If Your Cloud Storage Is Hacked
Follow the same advice for email and computer attacks. Other options include:
- If you've received contact from the hacker, do not engage. And never pay any ransom they request.
- Contact your local cybersecurity authority for support (you can find out more about local cybersecurity authorities in the 'How to report a cyberattack?' below)
Additional Steps for Businesses:
- Create a Business Continuity Plan with your IT department or firm. This plan will incorporate risk management, incident reporting, recovery, and continuous testing.
- Notify all users about the attack
- Report the data breach
- Create a report about the incident
- Consult your IT firm about Cybersecurity
4. Social Media Account Hacking
Social media hacks are frustrating and embarrassing. Some will lock you out of your account entirely, while other hacks are more subtle. You might not even know you've been hacked until someone on your friend list lets you know.
If you've received a suspicious message from a friend, they've likely fallen victim. Be a friend, let them know.
So how can you identify if you've been hacked yourself?
Signs Your Social Media Has Been Hacked
- New friends and contacts are in your feed (which you didn't request or add).
- Other accounts disguised as you are adding your friends.
- There are posts on your profile you didn't upload.
- Your password has changed.
- Posts have been deleted.
- Your profile picture has changed.
- Friends have received messages from you that you didn't send.
- You've received a notification saying your account has been accessed from elsewhere.
How Social Media Hacking Works
Social media hacks are a vicious circle. You might have received a message from a friend's hacked account, clicked a link, and continued the cycle without knowing.
For those who like online gaming through social media, be wary; some are scams working to retrieve your login data.
Hackers can also gain access through:
- Phishing (Spam-like emails that impersonate legitimate companies. Read more)
- Man-in-the-middle (Hijacking personal information through a 'middleman' network like a fake public hotspot. Read more)
- Brute Force (Trying a bunch of password combinations to crack your login. Read more)
How To Reclaim Your Social Media Account (After a Cyberattack)
- Change your passwords
- Do everything you would for an email account hack.
- Some social media platforms require you to prove your identity to regain access. (Usually through a quick webcam video to show your face)
- Set up a 2-step authorization.
- When you regain access to your account, post about the attack so friends know not to click any strange links from you.
(JComp/FreePik) Alt Text: A man has been a victim of a cyberattack and identity fraud online
5. Personal and Financial Information Hacking (Identity Theft)
The scariest hacks are those that involve our money and identity.
Although banks constantly check for suspicious activity, there's still a risk of an attack. Cybercriminals don't have to gain access to your bank account to commit fraud: they can attack from wherever you've entered your bank details.
Identity theft may also include duplicating/stealing your passport or social security number.
For businesses, this type of attack can be fatal. Cybercriminals can pose as directors requesting money be transferred to their accounts. Some may go as far as submitting professional-looking payment requests. Stay alert and remember it’s always okay to ask for confirmation before sharing confidential information.
Signs You're a Victim of Identity Theft
- There's suspicious activity on your bank statements. (For example, money has been transferred to a new account, purchases you didn't make)
- Unexpected purchase confirmations.
- Notifications to change your address or other personal details.
- Unauthorized invoices are being paid (for businesses).
How Hackers Access Your Bank Account
- Malware (Hard to detect software installed onto your system. Read more)
- Phishing (Spam-like emails that impersonate legitimate companies. Read more)
- Man-in-the-middle (Hijacking personal information through a 'middleman' network like a fake public hotspot. Read more)
- Brute Force (Trying a bunch of password combinations to crack your login. Read more)
Hackers may imitate financial institutions like SagePay or Paypal in phishing emails to the finance department. Hackers may also change invoices after they've been approved.
For individuals, phishing emails are a common way identity theft can occur, especially for highly trafficked platforms like Amazon. With access to your email account, hackers may be able to access other sites with the same password.
How to Recover Your Hacked Bank Account
- Contact your bank immediately. Cancel all cards and report any unauthorized transactions.
- Log into any online stores and accounts with your bank details: check purchase confirmations are set up to be sent to your email. Look for orders that have been sent to a different address.
- Follow similar steps for an email account hack (change passwords, 2-step verification etc.).
Additional Steps for Businesses:
- Check for malware.
- Make all staff aware of the breach.
- Report the attack to your local cybersecurity authority. (See: 'How to Report a Cyberattack' below)
- Follow your business continuity plan.
- Refresh cybersecurity training.
How to Identify and Prevent the Four Most Common Cyberattacks
A cyberattack refers to the criminal's strategy or method for gaining access to the thing they wish to hack. The attack can be social engineering, intercepting data while on public wifi, or getting you to download malware through a phishing email.
It’s important to note that many of the methods themselves are not illegal. But the method, combined with malicious intent and unauthorized access, makes these cybercrimes.
Identifying the cyberattack used to hack your account will help you prevent future attacks. Each has tell-tale signs and ways
1. Malware and Ransomware
Malware is a piece of software that can be installed onto your device (without your knowledge). Its function is to disrupt or damage your device. It can also be used to access personal or confidential information.
It's scary stuff.
Malware often enters your computer through either an email link you've clicked or software you've downloaded. If your computer's firewall isn't up to date, this can also make you more exposed to malware attacks.
The Watering Hole Cyberattack
The malware attack targets specific groups of people using a website. When you access the site, malware downloads in the background without you ever noticing.
Ransomware
More recently, a new type of malware - ransomware - has been wreaking havoc on businesses. Ransomware is malware that requests a ransom fee for you to regain access to your data.
According to this report from Sophos, 32% of victims pay ransom fees but only ever recover around 65% of their data. Those who pay the ransom often expose themselves to repeat attacks because hackers know they'll pay.
Think your business is too small to fall victim? Think again. Cybercriminals have increasingly targeted small businesses, schools, non-profits, and hospitals. As large companies improve their security, hackers are turning towards other targets with fewer disposable resources.
How To Identify Malware on Your Computer
Out of all the common cyberattacks, malware and ransomware are probably the easiest ones to spot:
- Your system is very slow.
- Programs open or close automatically.
- Storage space seems to have disappeared.
- Your computer has new programs or browser add-ons installed.
- Security software has been disabled.
- Popups appear on your desktop.
- Searches online redirect you to different sites.
- Files, folders, servers, and systems you previously had access to are now encrypted.
- Data usage on the account is inexplicably higher.
- You've been sent a ransom request.
How To Prevent Malware Attacks
- Be wary of suspicious links in emails. 92% of malware is delivered via email. If you clicked a suspicious link or link in an email about security updates, you might have unknowingly let the hacker straight in.
- Download new antivirus software and regularly run malware scans.
- Uninstall any software or programs you don't recognize or no longer use.
- Regularly back up your computer.
- Never pay the ransom. The golden rule.
- Consult your IT firm.
- Refresh your Cybersecurity knowledge.
2. Phishing Emails/Calls/Texts
Phishing aims to lure you into providing sensitive information to hackers, which can lead to a whole world of different hacks. They may ask you to log into your account or follow a link to a fake website.
Unfortunately, phishing is becoming harder and harder to detect. Phishing messages can look identical to those from companies you trust, so try not to blame yourself if you become a victim. Cybercriminals take advantage of our trust and busy lives, counting on us not to examine links too closely.
Examples of Phishing Emails, Calls, and Texts:
- Emails claiming to have incriminating evidence about you.
- Emails claiming to have access to your passwords/emails.
- Emails asking you to update your password.
- Emails demanding payment.
- Emails pretending to be order confirmations.
- Emails suggesting you've won a competition.
- Emails claiming you have a virus on your computer.
- Calls where the caller refuses to answer your questions.
- Calls in which they ask for personal details.
- Calls in which they mention old information. (For example, they cite a previous address you lived at rather than your current home)
Why Phishing Happens
Most of us receive phishing emails as part of the cycle of a different cyberattack. Data breaches and cyberattacks on businesses can expose your contact details to hackers. Then, hackers can either use your details themselves or sell them to another criminal for use in a phishing scheme.
It's also worth mentioning that plenty of companies sell your data to third parties. They'll even state this in their fine print. Governing bodies are taking steps to control this market, but there are some actions you can take to better control your data.
Most email providers detect spam and phishing emails before they hit your inbox. If you click into your junk box, you'll find numerous attempts that never made it.
But this monitoring isn't perfect, so some phising emails may still end up in your inbox.
How To Prevent Phishing Attacks or Stop Receiving Phishing Emails
- Follow the same steps as you would if your email account had been hacked.
- Check HaveIBeenPwnd to see if your email address or password has been involved in any recent data breaches. You'll be surprised that even some top businesses have had their data leaked!
- Check the email addresses you've received the suspicious email from. It's unlikely to look as official as the email content.
- Hover over links before clicking them to see if the domain is legitimate. Or copy the link address and paste it into a text file to review the link before going to the website.
Phishing Email Protection for Businesses
- Train staff on how to identify phishing emails. Phishing emails are only dangerous once they're interacted with in some way.
- Set up a security scanner on your email system. Email scans will automatically remove attachments and spam before it reaches your inbox
See Also: Extortion Emails: What They Are & How Do They Happen?
3. Man in the Middle
Cybercriminals use sophisticated technologies to track the information you're entering. They then use this information to access your accounts. The man-in-the-middle (MITM) technique gives hackers access to conversations or data transfers between you and a company. The hacker sits in the 'middle' of the exchange, ready to hijack the information.
MITM attacks happen in real-time while logging in or speaking to someone regarding your account, which makes them incredibly hard to detect until the damage is done.
How Man in the Middle Attacks Happen
A hacker may create a fake public network you can connect to (perhaps while traveling, in town, or at a coffee shop). While connected to their hotspot or network, the hacker will have access any information you're entering.
How To Identify a MITM Attack
MITM attacks are tough to detect. But there is a critical telltale sign to look out for:
- Check the URLs you're visiting: Make sure the URL starts with HTTPS rather than HTTP. Without the 'S', it's a sign the site or your connection is unsecure.
How To Prevent a Man-in-the-Middle Attack
There's an old adage that prevention is better than the cure, and this couldn't be truer for MITM attacks.
- Avoid public networks. Never use a Wi-Fi network that doesn't require a password.
- Only make sensitive transactions on your home network.
- Use a VPN while out of the house. VPNs will stop hackers from being able to access your online activity or personal information.
- Always log out of sensitive websites
- Make all your passwords unique. That way, if a hacker manages to access one account, they won't have access to the rest.
- Use Multi-Factor or Biometric Authentication.
- Keep your firewall up to date.
- Protect your device with antivirus software.
4. Brute Force
Brute force attacks are just a case of trial and error. Hackers will use several tactics to find personal information about you to attempt to crack your passwords.
But rather than manually typing out these usernames and passwords, hackers use a computer system to process thousands of password combinations within minutes. Brute force is often used to try to access business networks, as well as individual devices.
Brute force attacks are popular with hackers because so many people continue to use weak passwords. Wikipedia even has a page dedicated to the most common passwords used today.
Want to test the strength of your passwords and create strong, unique passwords for free? Use TeamPassword's Password Strength Test and Password Generator.
Password Spray / Dictionary Attacks
Dictionary attacks are a time-consuming type of brute force attack in which a hacker chooses an individual and works through words in the dictionary to find a password match. They'll also change letters and add special characters to different combinations. Because this approach takes so long, hackers have found faster, more effective alternatives such as automated credential stuffing.
Credential Stuffing
Credential stuffing is when a hacker collects login details from a different attack and uses them to access more accounts. Your details may have been part of a data breach from a trusted company. The hacker will use these credentials on other websites to see if there's a match.
Sadly, because so many of us repeat passwords and use similar usernames for different sites, credential stuffing can be pretty effective.
How To Identify a Brute Force Attack
- You've received login attempt notifications from other locations or devices.
- There's been a high number of login attempts over a short period.
- Applications are responding more slowly sometimes due to the increased web traffic from the bots hackers use.
How To Prevent Brute Force Attacks
- Make your password tough to crack. Use multicharacter passwords; the more characters, the better. Incorporate both lower and upper cases as well as numbers or punctuation symbols.
- Avoid common passwords or words.
- Use different passwords and usernames for every online account.
- Use a password generator to create non-sensical passwords that are almost impossible to guess.
- Use MFA.
- Set limits on login attempts. Most websites will already have this.
- Delete accounts you no longer use.
Prevention for Businesses
- Teach staff the importance of password hygiene.
- Monitor multiple login attempts from unusual devices.
- Secure your network with encryption.
(JComp/FreePik) Alt Text: A graphic featuring a police officer catching a cybercriminal after someone has reported a cyberattack.
How to Report Cyberattacks and Fight Back Against Cybercriminals
Taking Legal Action After a Cyberattack
Cybercriminals are hard to find. So there's little chance of successful legal action against specific individuals.
But you can still report the crime to legal authorities and other organizations to prevent similar attacks.
Note: Reporting the crime might be required for businesses with a higher risk of a security breach impacting others. Courts have held some companies liable for damages for failing to take appropriate action. If a cybersecurity attack has affected your business, you should seek counsel from an attorney or government agency for advice on how best to proceed.
How To Report a Cyberattack
Below is a table showing how individuals and businesses can report cyberattacks.
Country |
Who To Report To |
How To File a Report |
United States |
Phishing Scams: Alternatively, contact the Cybersecurity Communications and Integration Center on 1-888-282-0870 You can also forward emails or websites via [email protected] Other online attacks: Report to the Internet Crime Complaint Center: Identity theft: The Federal Trade Commissions: www.ftc.gov/complaint
|
You can find a detailed breakdown of everything you need to include here.
|
United Kingdom |
Data Breaches: Data breaches should be reported within 72 hours to the Information Commissioners' Office (ICO). Some incidents need to be reported to more than one organization. Cyber Incidents, Nuisance Messages, and Data Protection: Brits can report cyber incidents via the National Cyber Security Centre website and with the Information Commissioners' Office (ICO). You can check who else needs informing via the Cyber Incident Signpostings Service (CISS).
It's also recommended that you report the attack to Action Fraud. Action Fraud takes and forwards reports in the UK to the proper authorities. It also publishes its findings and offers helpful resources for victims.
|
Your report will be broken down into six sections:
|
Europe |
Cyberattacks in Europe are monitored and reported to Europol. Reporting options are different for different countries. Use this page to choose your country, and follow the steps. For countries outside the EU, or those without a specific link on the above page, report the attack to your local police station. |
Fill in the online form with details regarding the incident. Other information will be required for different countries. |
Australia |
You can report a cyberattack in Australia using this form on the Cyber.gov.au website. |
If the attack has had a 'potentially significant impact,' you must notify the Australian Cyber Security Centre within 12 hours. Verbal reports must be reported in writing within 84 hours Attacks likely to have a 'relevant impact on your assets' should be reported within 72 hours. Verbal reports should be reported in writing within 48 hours. |
Other |
You can do a quick Google search to find the best places to report a Cybercrime in your country. However, the internet is international, so you can use sites like Interpol.int to narrow in on more relevant results. The Anti-Phishing Working Group works internationally to promote cybersecurity, regularly posting about their progress. The APWG also has a reporting mechanism for phishing activity if you're unsure where to turn. |
|
How to Prevent Future Cyberattacks
Preventing cyberattacks starts at home and office. By staying informed and following simple protocols, businesses and individuals can do a lot to ensure their data is secure.
Improve Your Cyber Habits
Cybersecurity starts with each of us. By improving our daily habits, we can protect ourselves, our families, and our businesses. Collectively, we can make the internet a safer place for all of us.
Here are some cybersecurity best practices to follow.
- Be wary of public networks. Public networks are risky. Avoid making personal transactions on any network you don't trust.
- Inspect emails before proceeding. Before replying to an email, downloading attachments, or clicking links, check that everything looks right.
- Be careful what you share online. Sharing personal information on your social feeds can make security questions and passwords easier to hack.
- Avoid saving payment details to your browser. Annoying, but if someone gains access to your computer, they can buy just about anything!
- Never send payments to suspicious accounts or websites.
- Regularly change your passwords. See Also: How Often Should You Change Your Password?
Improve Your Cybersecurity Infrastructure
Cybersecurity infrastructure costs money, but it's worth the investment. It's better to be proactive. Failing to have a baseline of protection for your business can open you up to liability.
Not sure what you need? Hire an IT professional or consultant to advise you.
Small and medium businesses (SMBs) are most susceptible to becoming victims of cybercrime. With fewer resources, SMBs typically put cybersecurity on the back burner while focusing more on sales or marketing. This can be a crippling mistake.
Worried about costs? Carefully consider your needs, then shop for products that offer those specifics at a reasonable price. Buying security software is no different than buying a car; we don't all need a Cadillac or a Hummer. For most of us, a Prius will do just fine.
Here are some suggestions on how to improve your cybersecurity infrastructure.
- Keep all devices and software up to date. Updates often have new layers of security and detection built in. So if you've been putting off that system update, get to it!
- Set up MFA (multi-factor authentication). Although MFA can feel tiresome, it's the best option. On mobile, you can add FaceID or TouchID as a secondary step.
- Use a password manager. TeamPassword provides a secure place to store, manage and create passwords - for personal and business use. Improve your password hygiene by using different passwords for every login, and keep them in one place for easy access. You can use TeamPassword's password generator to create unique passwords for every account with a click of a button. See Also: 6 Steps To Using A Password Manager For Your Small Business
- Ensure your IT department is up for the job. For businesses, IT firms that manage your security are an excellent investment and can put your mind at ease.
- Use a VPN. A VPN - or Virtual Private Network - is software that allows you to create a secure connection between your device and a website you're accessing. Rather than heading straight to your destination URL, your request will go through an encrypted tunnel so hackers and other onlookers can't see what you're up to. VPNs can be downloaded to your computer or even added to your internet browser.
- Use Virus and Malware Protection Software. Most computers come with a free trial of antivirus software like McAfee, but most of us forget to install protection software once the trial ends. Ensuring your devices have up-to-date virus and malware protection will help to detect threats long before they become a problem. You should set up automatic scans or remember to scan your device with protection software regularly.
See Also: Cybersecurity For Small Businesses
Stay Informed
Cybersecurity threats are constantly changing. That's why you need to stay informed.
For businesses, it's advisable to ensure your employees receive regular cybersecurity training. You can create compliance programs in-house, use free programs, or pay for cybersecurity training programs that provide advanced reporting and a more user-friendly experience.
Here are some resources to help you get started.
- Cybrary offers free training courses in Cybersecurity.
- The Cybersecurity and Infrastructure Security Agency has excellent training exercises for businesses.
- If you're just diving into your Cybersecurity journey and want to know how to create compliance for new start-ups, take the CompTIA IT Fundamentals course.
- You can refer staff to this UK resource from the NCSC.
- Take a Cybersecurity course on Coursera. There are classes for both individuals and businesses.
- Wizer provides no-nonsense cybersecurity training for businesses of all sizes using videos, simulations, and games. Administrators can assign courses and monitor employee performance to ensure completion.
- Even the US Department of Homeland Security offers free exercises, courses, and resources for preventing cyber threats.
See Also: Cybersecurity: The Most Important Topic Your Team Can Learn About This Year
(JComp/FreePik) Alt Text: A woman behind an office desk looking at online Cybersecurity Courses
Raise Awareness
Falling victim to a cyberattack can leave you embarrassed and paranoid. But there's no reason to feel that way.
Help prevent further attacks by speaking up about your experience. Tell your family, friends, and colleagues so that they know what to look for to avoid an attack or so that they don't feel embarrassed if they, too, fall victim. Who knows, your story may save them the same pain and suffering you've gone through.
So here’s my story.
My wife and I were on our honeymoon. We were late to check out and had a taxi waiting for us outside. I had a bag under each arm and was holding another in my left hand. My phone buzzed, I had received a text: “Mail delivery unsuccessful. Payment needed to redeliver.” with a link.
I was expecting a textbook to be delivered, one that I needed the day we returned so that I could be ready for a class I was taking. I couldn’t afford to have it delayed. I needed wifi to use the internet and we wouldn’t have access until the following day, so I clicked the link.
Conveniently, I was a brought to a payment site that allowed me to pay by credit card. I dropped the bags, took out my card, entered the information, and in less than a minute had transferred my credit card details to a cybercriminal.
I realized my mistake within seconds of clicking send. I canceled the card (blocking their attempt to order $750 worth of furniture online) and changed the passwords on my account. It took time, but there was no real harm done other than me feeling stupid and my wife not being impressed. Far from a tragedy.
The point is, these things happen. Had I received that text in a less chaotic moment, I wouldn’t have clicked the link. I know to check links and verify websites. But I felt urgency and reacted. Thankfully, no real damage was done, and I’m sure eventually it will be a story I tell with some humor.
Need support or want to share your experience with a broader audience? Cybrary has a community forum that allows people to share their experiences. The platform was launched in 2015 and has over 2 million users - so there's no need to feel ashamed or alone.
Conclusion
We hope you'll never need to take any of the steps mentioned in this guide. But cyberattacks happen, and they can be emotionally and financially devastating when they do.
If you do fall victim to a cyberattack, remember you're not alone, and it is rarely your fault. You're not the criminal.
No matter how big or small the attack, cybercrimes are stressful. The great news is that you can improve your cybersecurity today: Sign up for TeamPasswordand get 60% off your first six months.
Enhance your password security
The best software to generate and have your passwords managed correctly.