In your digital life, it’s quite possible that you may experience a cyber attack. Many of us have had this experience, either in mild forms (adware, browser hijackers) or in more impactful ways (banking Trojans, ransomware, etc.).
Given the frequency of data breaches, your private data could also become involved in such a breach, independently of your actions.
So it’s important to have an action plan for when this happens, a plan that can guide your steps and help you manage the panic.
We actually created a guide for that particular situation, which I honestly hope you’ll never experience. It includes advice on how to behave, how to act and what to verify to ensure that your risks are minimized.
I hope you find it useful!
1. First of all, this is not a good time to panic. Take a deep breath and keep your calm.
The opposite, not caring and not taking any measures, isn’t an option either.
You should be aware that things could quickly escalate in an unwanted direction. It doesn’t matter if you think the service is unimportant to you.
The breached data can be used to hack into other accounts of yours (especially if you use the same password for multiple accounts – please don’t), or for identity theft, financial damage and blackmail, and it can cause all sorts of other unwanted headaches.
2. Log into the account of the service that was hacked as soon as you find out about the breach.
Glance over the settings for your account and see if there’s anything fishy or changed there.
If you can’t access your account anymore, reset the password via email.
If you used a fake email for it, or you don’t have access to that email account anymore, you’ll have to contact the administrators of that website and prove it’s your account.
3. Change the password for that service. Use a strong, unique password.
If you’ve been reading our blog constantly, you most likely know how much we insist on this issue: never, ever reuse a password. You should have unique, strong passwords that you change periodically.
However, if it’s too late for this and you recycled the password from the compromised website, change the password for all other services.
You can use a password generator, such as Norton Identity Safe Password Generator, in order to create strong passwords.
In the future, prepare for the worst and make sure you don’t reuse passwords, in order to minimize the impact in case of a hacked account. You wouldn’t use the same key for your house and for your car, would you?
Remember to treat the answers to the password security questions the same as you treat your password. Don’t use real answers; instead, generate strong passwords. The real answers can be easily discovered by attackers.
And never keep your passwords in a file on your computer, in your mail or in the cloud. Instead, you can use a password management application, like LastPass or Dashlane. This way, you won’t have to memorize 30-40 strong passwords, with all their capital letters and symbols and numbers, passwords that you regularly change. You’ll only have to remember the master password for your LastPass account; your other passwords will be safely encrypted.
4. If available, activate two-factor (or more) authentication.
Two-factor authentication (or two-step verification) will add an extra layer of security, using your mobile phone. It works as a secondary authentication method, besides your password.
You will receive a one-time, unique numeric code, either sent by SMS or generated by an authentication app installed on your phone.
Gmail, Twitter, Facebook and Amazon are among the services that offer this option. You can find an extended list on TwoFactorAuth.org.
5. Change the password to your email or any other linked accounts.
As soon as you find out about the breach, change the password for the email you used to create the account for the service that got hacked.
Also look over the email settings, especially the Email Forwarding, Filters, Reply-to Address and Security Questions, to make sure that everything’s in order. An attacker will try to leave some kind of back door open, in order to come back into the account.
Your email address is most likely tied to many of your online accounts. If any of those is compromised, you’ll have to change the password to any other service that was remotely linked.
Also de-authorize all the third-party apps that use your account.