10 Things to do immediately after you’ve been hacked


Getting hacked is a nightmare scenario that affects thousands of Australian businesses every year. Some of the most notable hacks this year include a third-party breach on the Bank of Queensland and a major ransomware attack on a Melbourne hospital. Increasingly, hackers are attacking small and medium-sized businesses (SMBs) with an alarming degree of success. If your organisation ever falls victim to hackers, follow these tips right away.

1. Reset your passwords

The first order of business is to regain control of your accounts. If you are still logged into the compromised account, go to your account settings and change your password. Ideally, your new password should be a longer “passphrase” that is completely different from the passwords on your other accounts.

Some online services also keep track of every device that recently accessed your account. Check this and make sure to log out of any secondary devices, especially those you don’t recognise and those that aren’t in your local area. However, if you’re completely locked out of your account, you’ll have to use the service’s account recovery options.

You should also change the password for all your other accounts. Many online services today are linked in some way (like how emails are used to log in to Facebook accounts), which means if one account is compromised, others could be, too.

2. Enable multifactor authentication (MFA)

While resetting your passwords, enable MFA. This lets you secure accounts not only with passwords but also with another form of authentication like fingerprint scans or temporary SMS codes sent to a company-registered device. These make it difficult for cybercriminals to gain access to your data.

3. Contact the bank

If compromised accounts were linked to your company’s bank account, err on the side of caution and review your financial statements. Ask your bank to check for suspicious transactions and notify them about the breach. It’s also important to unlink all banking information from hacked accounts, and document every part of the investigation when filing a claim with insurance companies.

4. Isolate your devices

Besides hijacking accounts, hackers employ persistent malware and network-based attacks to steal information and disrupt your business. Such attacks often cause your systems to slow down, redirect you to dangerous sites, and alter local files.

At the first sign of these attacks, disconnect your devices from the internet to prevent hackers from creating a backdoor into your system. Then, reboot your device in safe mode. This lets you run only core programs while you troubleshoot the security issue.  

5. Scan your systems for malware

Now that you’ve contained the threat, do a full system scan with your anti-malware software and clear anything that tests positive. Covert strains of malware, like spyware and cryptojacking programs, may lie dormant in your devices and run in the background undetected. As such, update your software regularly to detect and address the latest threats.

6. Run your recovery procedures

If you suffered a crippling attack on your system, it’s best to wipe your hard drive clean, reinstall your operating system (OS), and load clean copies of your files. Keep in mind that this step only applies if you back up your data regularly to the cloud or an off-site server. If you don’t, you may have to talk to a provider to perform advanced file recovery procedures.

7. Inform affected parties

Both customers and employees need to know about what data was hacked, how the breach occurred, and what actions they must take on their end. Be as transparent as possible about your mistakes and how you’ve responded to the issue. The best way to do this is usually over email and a public press release. Remember that identity thieves often use hacked accounts to solicit people for money and information, so prompt warnings will limit the damage.  

8. Notify the authorities

Providing details of the breach to the Australian Cybercrime Online Reporting Network (ACORN), Office of the Australian Information Commissioner (OAIC), and Scamwatch can be immensely helpful for apprehending the perpetrators. However, there’s another reason why you should immediately notify the authorities. Under the Notifiable Data Breach scheme, organisations must report compromised personal information to the OAIC; otherwise, they could face hefty fines of up to $1.8 million.

9. Analyse the attack

To make sure similar incidents never happen again, you need to understand the origins and scope of the attack. Was the breach a result of human error, outdated software, or a lack of oversight? What information was compromised, and how will it affect your employees, customers, and stakeholders? A cybersecurity expert will help you answer these questions with a thorough audit and give you the insights required to strengthen your defenses.

10. Upgrade your security measures

The final step is to refine your cybersecurity strategy based on what you’ve learned from the audit. This will vary for each company, but you’ll generally want a multilayered security strategy that covers your network, endpoints, apps, and data.

For instance, this might include intrusion prevention systems (IPSs), anti-malware, mobile device management (MDM) software, and encryption. Regardless of the security measures you employ, however, don’t forget to provide regular security training. After all, employees who develop good password management, web surfing, and remote work habits can be just as strong as the most advanced firewall.  

Such solutions are usually out of reach for SMBs, but not when you’re partnered with Empower IT Solutions. As one of the leading security providers in Australia, we offer preventive measures and incident response support that meet your needs and budget. Contact us now!