You've Been Hacked! Now What?

As this threat grows, it's good to know the first steps to take to keep a virus from spreading.

Have you been able to avoid being hit by computer viruses and malware? If so, maybe you have virus protection and keep all your devices and software up to date. Or maybe you are just lucky.

Unfortunately, the odds are increasing that you or someone in your firm will fall victim to a technology attack. Whether it is a ransomware attack, a spoofing message attempting to gain your login credentials, a malware threat, or the unknowing use of a compromised Wi-Fi network, the important question is: what do you do next?

Let’s discuss the steps and best practices that everyone can take that will assist in dealing with these types of attacks.

To start, make sure your team knows not to delay reporting any “suspicious” technology experience or event. Encourage them not to worry about whether they made a mistake or about the potential repercussions. It is more important to investigate a potential attack when it’s first noticed than to stay silent and hope that nothing bad will happen.

Frequently, we hear about successful cyber-attacks, and the staff member or members impacted can actually recall an earlier moment when they saw an odd error message, some strange behavior on their screen, or an email request to confirm their credentials — to which they responded. Although it may be easy to gloss over little clues, don’t be complacent. That is the time when you need to take action.

If you believe that some type of attack might be occurring on your computer, quickly isolate the machine by disabling the Internet connection, disconnecting from your network, and killing any other external connection that might be active on your computer. Basically, you want to minimize any potential damage from the attack infecting your machines or files.

When dealing with a technology attack, you need to approach the situation like a crime scene. Begin to recall exactly what you were doing and document everything that comes to mind. Did you click on a link embedded in an email? Did you open an attached file that did something strange, or maybe it seemed that it wouldn’t open at all? Was an unfamiliar error message displayed asking you to do something? Did a program ask you to re-enter your login credentials? Were you using social media? Were you doing anything on the Internet? The answers are important to help determine the origin and type of the technology attack.

Also consider your technology environment. For example, have you been using a secure connection to the Internet? Has anyone else used any of your account credentials or even your computer/devices? This information can help determine how to respond to the attack.

Next, consider the best action. You want to be as conservative as possible in your response strategy. If the machine itself was hacked, then you might want to reimage the computer and reset it to a brand new condition. If the technology attack was focused on compromising access credentials (email, software systems, network, etc.), then your starting point is to disable the impacted user account, or at a minimum, significantly change the user credentials. And if a user ID is compromised, be mindful of where you make your changes. You definitely do not want to do it on a compromised machine.

The sooner you can minimize the impact and remove any guesswork as to the source of the attack, the more effective your response plan will be. Finally, be sure to tell your team what happened and what to look for to prevent the next attack. Sometimes, this has to be done before you even know the resolution, but it is important to alert your colleagues to be on the lookout for a particular cyber threat. A general call for heightened awareness is better than no communication at all.

Dan Skiles is the president of Shareholders Service Group in San Diego. He can be reached at dskiles@ssginstitutional.com.