I’ve been hacked! Now what?
In the last few articles in this series on cybercrime I’ve explained that unfortunately cybercrime is something that every business has, or is going to be a victim of, and also briefly outlined some common hacking techniques. So what steps should you undertake once you’ve been hacked?
Minimise damage
This should be the very first step once you’ve discovered you’ve been hacked. Some common things to check are
Passwords. Reset all your passwords and ensure they are strong passwords with a combination of upper and lower-case letters, numbers, and special characters. Also, don’t use passwords with personal information such as date of birth as personal information is also used as authentication and could be used of another hacking attack.
Check all bank and shopping accounts (e.g. PayPal, eBay, etc) account statements. Look at your Ban, PayPal, eBay and other online statements for unknown withdrawals but also check for details such as new shipping addresses, payment methods or linked accounts. If there is anything unusual cancel the account or credit card.
Check accounts that are connected. You eBay account might be connected to your PayPal account, or your WooCommerce account connected to your bank account of accounting system. Facebook IDs are often used to login to other applications so deauthorise those connections.
Two factor authentications. Enable to factor authentication for all accounts that have this facility. Some apps are making this mandatory such as Xero and most banking apps.
Tell your family, friends, and contacts. Do this for two reasons – firstly to minimise the chance of them becoming a third-party victim to your hacking attack, and secondly to educate them to defeat hacking.
Update your software. Don’t you get fed up with the constant need to update your phone, PC or website? I large number of hacks target vulnerabilities in the outdated software on your devices. Updates also have the latest security patches. Set your device up to automatically get the updates at a time that will inconvenience you the least – like 3am.
Recover your accounts. Most social media platforms have guides that show you how to regain control of your account.
Update your antivirus product. No matter how good your anti-virus system is they are useless if the virus definitions are out-of-date. Again, checking the virus definitions up-to-date can be automated so it is done at a time that will inconvenience you the least.
The above are all after the ‘horse has bolted’ techniques and after you’ve been hacked but what should you do to minimise the risk of your business being hacked?
Minimise risk
Anti-virus software – installed and with current virus definitions on all business computers
Wi-Fi – make sure it is secure and hidden
Allow only authorised people to access your business’ devices, technology and files.
Backup your data, and do so regularly
Have a firewall on your server
Workplace and device hardening such as blocking USB access. Some accounting firms and banks have this on all their computer devices as I found out when I went to give a presentation one day armed with the presentation on a USB stick
Train staff – and this is the best and most effective risk minimisation strategy
Prevention is always better than the cure and will therefore be the subject of the next article in this cybercrime series.
Stephen Barnes is a business turnaround and recovery specialist, Board advisor and the principal of management consultancy Byronvale Advisors. He has over 25 years advising clients from new business start-ups to publicly listed companies and across a wide array of industries. He is a crisis manager that prides himself on quickly understanding the client’s business and issues and developing pragmatic solutions to complex problems. He is also the author of ‘Run Your Business Better’. To find out how Stephen can help you run your business better and quickly improve your business performance visit www.byronvaleadvisors.com.
