While being “hacked” can mean different things to different people, its connotation is never positive. It could mean your personal email, social media accounts or financial applications have been compromised, or maybe your company email or access to corporate data has been breached. How do you handle this stressful situation? I’ve talked with many people who have been hacked in one way or another. Some attempt to deal with it privately, hoping to limit any damage; others simply live in a state of denial, and very few will ask for assistance in limiting any adverse exposure to themselves or their organization.
After the Hack, What Should I Do?
Don’t think “if.” Think “when.” Hackers prey on procrastinators. Creating an organizational or personal Incident Response Plan is essential to calming the anxiety that can accompany this unfortunate situation.
6 Key Steps to an Incident Response Plan
A plan provides direction and a methodology that identifies in detail the immediate, mid-event and after-action activities that should be undertaken. The level of complexity is dependent on the needs of the individual or organization. Some basic principles that should be considered are:
- Have a plan and update it on a regular basis. This is simple to state, but often overlooked until after a breach has occurred.
- Do not assume you know the reach of the breach; address any and all accounts that you have.
- Tell someone: inform your organization's Information Technology department, or your family in the event of a personal attack, because the breach may have spread beyond just you.
- Change your passwords immediately – to a sequence of characters completely different from your current password.
- Double-check the account(s) to ensure nothing has been changed regarding notification or password validation steps; hackers will often change the verification address to give themselves the ability to change the password again and again, most often in cases of free email or storage services.
- Take time to understand how the compromise was instigated and use it to train others within your organization or family to prevent copycat-type events.
4 Common Sense Approaches to Digital Security
To keep your digital presence, assets and data secure, follow these four common sense approaches:
- Vigilance – Don’t open emails from unknown sources, click on attachments or links that you were not expecting, or provide information over the phone without direct verification of the requesting source.
- Planning – Have a documented and tested plan in place for Incident Response. Make sure the plan provides direction on appropriate steps and lessens the anxiety of wondering what to do.
- Assistance – Don’t put blinders on hoping it all goes away. Cyber criminals are looking for quick financial gain – the more you seek assistance, the greater the chance of limiting the exposure and potential loss.
- Change – Passwords and passcodes should be changed on a regular basis, preferably every 30 days but at least every 90 days, to a unique and different password from the previous one and based on information security standards and guidelines.