What to do in the event of a security breach
First – Reset your password and then carry on reading.
According to the Radicati 2015 Email Statistics Report, the number of worldwide email users was set reach almost 3 billion this year, receiving almost 100 messages a day. The ubiquitous nature of email combined with its continued growth makes your accounts a tempting target for hackers. So here is how to prevent a hack, notice you have been hacked and how to act on your suspicions.
Passwords – the key to prevention
Hackers usually get in through your email password so make sure all your passwords are unique and strong. Seriously, using a bad password leaves your account wide open to a simple brute-force attack. Use a strong password for your email account, and a different strong password for every other account or secure site that you use. You may need a password manager to effectively do this and fortunately there are some very good, even free ones available. PC Mag compares some of the top ones here: Best free password managers.
Two Factor Authentication
For really tight security, a second way to verify yourself is the next step. Most internet services nowadays offer two-factor authentication. This is simply a numeric code sent to your phone, which can only be used once. The majority of popular password managers all have 2FA by default. For a comprehensive how-to on 2FA, read here.
Suspicion – how can I tell if I have been hacked?
Email: Usually some-one will alert you to the fact that they have received a strange email from you. Sometimes a few people will alert you to this fact – your email has more than likely been hacked.
Credit card: Your first indication a hacker has compromised your credit card may be unexpected items on your bill. Card thieves will occasionally put through a few small purchases, just to make sure the card is OK, before making a big purchase. If you’re lucky, your bank will detect fraudulent activity, decline the charges, and issue you a new card.
Identity: An identity thief can use your personal information to open credit accounts, accounts you know nothing about, or simply to steal your money from you.
What to do
Email: Immediately check your sent mail as well as account settings to make sure that the hacker has not authorized another account to send or receive mail.
- Check your aliases to see if there are any strange email accounts added. Delete if there is one you do not recognise.
- Check your account settings to see if there are any strange accounts added and delete them.
- Check your rules to see if the hacker has changed your settings there.
- Call your bank and phone company to make sure no changes have been made in the past 24 hours.
If you suspect that your email account has been hacked the first thing to do is to reset your password. Alternatively you can ask us to reset your password for you by contacting us via our usual support channels.
Think about whether you use your email address as a username on other sites? This is a common practice. But if you also used the same password that you used for the hacked email account, those accounts are now compromised, too.
After recovering from an email account takeover, you should visit every site that’s associated with that email address and change your password. Again, a password manager may be useful here.
Bank accounts: obviously contact your bank and change all password to all accounts.
Identity theft: This can be a tricky one depending on how deep the hacker has gone. Check all your online profiles, reset passwords and report the breach to the company.
Restore your PC: In the event of a breach, we always recommend that you perform a complete computer restore. Once your computer has been compromised, the hackers can do anything and hide anywhere. It’s best to just start from scratch.
Restore your smart phone: Hackers can also get in via your phone, remember your email is on there too. Go back to factory settings.
Monitor: watch all your accounts like a hawk for the next month or two. Tell your friends/family/colleagues that you have hacked so if they get weird social media requests, a fishy phone call, or requests for money, they know to be careful about what kind of information they give.