
ESET: How your business can recover from a hack

28 Jul 15

Recent high-profile data breaches at the US Office of Personnel Management (OPM), Adult Friend Finder and the European Parliament illustrate criminals’ insatiable appetite for data and financial reward.

Getting hacked, whether that is as an individual or as a company, is a horrible experience, and a costly one too. Hackers often get away with money or data, some of which might be sensitive like health records and private pictures or messages. This data is sometimes used for further attacks, or simply sold on to other criminals on the dark web.

But victims of these breaches feel like they’ve lost a lot more; they feel embarrassed, whilst compromised companies could see consumers and investors lose trust in the brand, resulting in stock and revenues temporarily falling.

Here’s what you can do to recover as fast as possible from a hack, and with your dignity still intact.

Contact customer service
If the hack is of Facebook, Twitter or another online service provider, you should contact their customer service teams as soon as possible. These companies, especially in the social networking space, are getting better at cracking down on stolen accounts and even have online forms to fill in if that has been the case, or if your account has been sending out spam messages or making suspicious downloads.

Perform scans in your system
Once your compromised account is safely back under your control – and hopefully this does not take too long – you should do a security audit to check for suspicious files and other strange behaviour.

For instance, say your Facebook account was hacked. You should check for things such as whether your security questions have been changed. If the affected service is an ecommerce provider, like PayPal or eBay, you should check to make sure no new shipping details or payment details have been added.

If the hack affects your email, you might check for draft or sent emails, and who they are being sent to, while more advanced users should check the code, traffic, internet bandwidth and look out for any email irregularities.

You should, of course, change your password as soon as you suspect you’ve been hacked and after performing a full scan of your system. You should also consider the apps that connect to this account, and whether any of them could give hackers a way in.

For example, the open-source authentication standard OAuth is now used by Facebook, Twitter, Microsoft, Google and others for connecting to a number of third-party sites. It’s an easier and faster way of logging into a site, without sharing any user credentials (username and password).

But what if your Facebook log-in is cracked? Will connecting services be at risk too? And are these third-party plug-ins, which may use your Facebook account to log in, secure enough, or could they be compromised?

These are good questions to ask. You should remove third-party apps that are unnecessary and risky – and this also applies to apps you might have downloaded onto your smartphone or tablet.

Get the basics right
After you’ve been attacked, you need to make sure that you now get the basics right. For example, make sure you change passwords often – using complex ones or a password manager where possible, whilst you might want to consider using two-factor authentication (2FA) and an anti-virus solution.

Regular patching of software products is also essential, as is backing up your data, while you may want to consider how much information you post on social media, given phishing and social engineering are often the way hackers compromise victims.

Be careful who you trust
Who do you trust? That is a great question as you never really know who is behind other computers. So from now on, carefully consider the people you want to work with, and think who are the most trustworthy and secure sources.

To learn more about ESET, please visit their website. 
