ESET: How your business can recover from a hack
FYI, this story is more than a year old
Recent high-profile data breaches at the US Office of Personnel Management (OPM), Adult Friend Finder and the European Parliament illustrate criminals’ insatiable appetite for data and financial reward.
Getting hacked, whether that is as an individual or as a company, is a horrible experience, and a costly one too. Hackers often get away with money or data, some of which might be sensitive like health records and private pictures or messages. This data is sometimes used for further attacks, or simply sold onto other criminals on the dark web.
But victims of these breaches feel like they’ve lost a lot more; they feel embarrassed, whilst compromised companies could see consumers and investors lose trust in the brand, resulting in stock and revenues temporarily falling down.
Here’s what you can do to recover as fast as possible from a hack– and with your dignity still intact.
Contact customer service If the hack is of Facebook, Twitter or another online service provider, you should contact their customer service teams as soon as possible. These companies, especially in the social networking space, are getting better at cracking down on stolen accounts and even have online forms to fill in if that has been the case, or if your account has been sending out spam messages or making suspicious downloads.
Perform scans in your system Once your compromised account is safely back under your control – and hopefully this does not take too long – you should do a security audit to check for suspicious files and other strange behaviour.
For instance, say your Facebook account was hacked. You should look for things including if your security questions have been changed. If the affected service is an ecommerce provider, like PayPal or eBay, you should check to make sure no new shipping details or payment details have been added.
If the hack affects your email, you might check for draft or sent emails, and who they are being sent to, while more advanced users should check the code, traffic, internet bandwidth and look out for any email irregularities.
You should, of course, change your password as soon as you suspect you’ve been hacked and after performing a full-scan in your system, while you should also consider the apps that are connecting to this account, and whether any of them could give hackers a way in.
For example, the open-source authentication standard OAuth is now used by Facebook, Twitter, Microsoft, Google and others for connecting to a number of third-party sites. It’s an easier and faster way of logging into a site, all the while without sharing any user credentials (username and password).
But what if your Facebook log-in is cracked, will connecting services be at risk too? And are these third-party plug-ins, which may use your Facebook account to log-in, secure enough or could they be compromised?
These are good questions to ask. You should remove third-party apps that are unnecessary and risky – and this also applies for apps you might have downloaded onto your smartphone or tablet.
Get the basics right After you’ve been attacked, you need to make sure that you now get the basics right. For example, make sure you change passwords often – using complex ones or a password manager where possible, whilst you might want to consider using two-factor authentication (2FA) and an anti-virus solution.
Regular patching of software products is also essential, as is backing up your data, while you may want to consider how much information you post on social media, given phishing and social engineering are often the way hackers compromise victims.
Be careful who you trust Who do you trust? That is a great question as you never really know who is behind other computers. So from now on, carefully consider the people you want to work with, and think who are the most trustworthy and secure sources.