What should I do if I have been hacked?

Have you clicked on a suspicious link without thinking? Are your computers behaving strangely? It is not easy to accept that you may have just handed over control of your device to a hacker. But it is important not to ignore signs that you have been hacked. This blog reviews some of the signs of a malicious data breach, and should act as a guide for what to do next.

It’s important to be familiar with potential signs you have been hacked. If you see one or more of the following issues on one of your devices, take action immediately.

Unknown Homepage and URL Redirecting
One day, you launch your browser as usual. Suddenly, an unfamiliar website opens. Usually, such pages display pornographic material or advertise fake security software. Then, when you enter a URL, you get redirected to a different website. This is a common sign of a hijacker infection.

Slow performance
Suddenly, your computer becomes slow or unresponsive. Sometimes, this happens when unauthorised processes and programs consume your system resources. Of course, there are other reasons for a slow computer. But watch out for extremely slow speeds (especially along with some of the other issues listed).  It may be that  someone has hacked your router.

Sudden crashes
In many cases, a hacked computer may be unstable and suffer sudden crashes. It may also freeze or suddenly restart. This happens malicious applications running in the background overwhelm your systems, eating up your computer’s memory.

Increased pop-ups
Extra pop-up windows, advertisements or alerts that appear repeatedly could be a sign of a hacker attack. Above all, do not to click on any of the links. The hackers goal is to get you to click on one of the popups, and thus install a rogue program or be redirected to a harmful website.

New users or account settings
First, check for unfamiliar user accounts or new accounts. Then, look for changes in your account settings. For example, your email forwarding rules, automatic email replies, and security questions. Chances are, a hacker has changed your settings to give themselves access to your accounts.

Password changes
Any change to your account passwords that you did not ask for is a big red flag. It may be that someone else has access to your computer, browsers, or accounts. If that is the case, you’ll need to recover your accounts. Usually, you will do this by using your backup email or security questions. In some instances, you may need to contact the service provider.

Other unusual activity
Do you see unwanted uploads or downloads running on your device? Is your computer trying to  connect to unfamiliar devices or access shared network resources? Such unusual activity could signify the presence of malware or a network-based attack. Likewise, if your computer shows high network traffic for no apparent reason, it may be compromised.

If you have reason to believe that your work device has been hacked, you should do the following:

1. Disconnect the compromised device’s wifi and shut it down
2. Unplug the router, wait 30 seconds, then plug it back in
3. Use another device to change all passwords to strong, new and unique codes
4. If necessary, contact your bank and tell them about the incident and make a plan
5. Consider registering a fraud alert so that you are notified of account activity
6. Ask colleagues, friends and family to be wary of messages and links from you
7. Turn on login alert to get a notification when someone logs into your account
8. Check if you are locked out of any of your email or social media accounts
9. Consider whether personal data may have been affected – if so, you must contact the Data Protection Authorities as soon as possible

Once this is done, you can safely use your device again. Then do the following.

• Turn it back on
• Clear browser and cookies
• Scan the device for viruses and malware
• Check for recently installed programs and uninstall them
• Update operating system and software
• Consider reformatting the hard drive and reinstalling the operating system

Every time you suspect a cyberattack, you must remember to think about the personal data of your customers, employees and contacts. Even if the attack was targeted at one device, it could compromise the entire company’s data.

If you are an employer, you must remember that it is ultimately your responsibility to protect personal data. You should implement IT security that prevents any kind of cyberattack. Since it is problematic to contain all cyberattacks in the future, you should minimise the amount of valuable data, including personal data. You should also inform your employees about how to operate IT securely, including how risky unauthorised access to their devices can be and how to detect it. At the same time, they should also reduce inappropriate transitions between work and private units. Finally, they should feel free to quickly report any violations to you and have company support resolve them.

It is difficult to avoid cyberattacks. In principle, it does not take more than one employee clicking on an incorrect link. Therefore, it can be crucial to have control over data, including personal information, and clear it out of the way before unauthorised persons gain access to your systems. In Safe Online, we have developed the Data Discovery tool DataMapper, which you can use to find and monitor files, emails and images that contain sensitive information.