So, you think you’ve been hacked. It’s not always obvious. As we’ll see, it’s easy to mistake the telltale signs of a digital intrusion for less urgent problems. Many of the symptoms also occur in older devices that haven’t been compromised, and it’s not always possible to tell right away what’s really going on.
You shouldn’t assume the best, though. In fact, you should do just the opposite: You should assume the worst, hope for the best, and work urgently to address the situation.
Your first step is to confirm — if you can — that your account or device has been compromised. Then, you’ve got quite a bit of work ahead to minimize the damage and restore what you can.
1. Look for Signs of a Digital Intrusion
According to Roger Grimes of CSO magazine, the signs that your system has been compromised can include:
- Frequent, unexpected popups
- An antivirus message that doesn’t appear genuine
- Your cursor seems to have a mind of its own
- Your Internet searches get redirected without warning
- You see unfamiliar software on your computer
- Your contacts receive emails or social media messages from you that you didn’t send
Any of these signs is a flashing red light — a sign that more likely than not, there’s an intruder in your system. But their absence doesn’t prove your system hasn’t been compromised.
Indeed, sophisticated threat actors are very often able to cover their tracks such that victims never discover evidence of an intrusion. Major data incidents like the Pandora Papers — a 2021 incident affecting Asiaciti Trust, CIL Trust International, and several other international law firms and fiduciaries — are often discovered only when stolen data appears elsewhere online or in media reports. So it’s important to keep an eye on your media mentions and routinely scan the dark web for your data or credentials.
2. Try to Understand the Nature of the Threat
You may need to retain an outside cyber security expert to get a handle on what happened. This is worth the expense if you have any inkling that sensitive corporate or personal data has been compromised, and especially if you believe your customers are at risk.
3. Avoid Clicking on Any Banners or Popups
If your system is still more or less operating normally, don’t click on any unexpected banners or popups. They’re likely vectors for malware that could make the problem worse — perhaps by wresting control of the system from you.
4. Run Your Antivirus Program
This might not be enough to repel a sophisticated attack, but it’s worthwhile simply to take stock of the junk on your system. You might discover incidental malware along the way — or the source of your current (suspected) compromise.
5. Run a Dark Web Scan
This bears repeating, especially if some time has gone by since you first noticed something amiss. Personal data takes time to appear where it shouldn’t, but when it does, it can be devastating for those affected — and for your reputation, if there’s any way to identify your organization as the source.
6. Retake Control of Compromised Accounts
Next, work to retake control of any compromised accounts or devices. If you’ve backed up your data to a secure, remote location that hasn’t been compromised, it’s sometimes best to chuck out infected devices and start fresh. For guidance, consult an external cyber security expert.
7. Enable Two-Factor Authentication for Uncompromised Accounts
It’s never too late to enable 2FA. This was a crucial piece of Asiaciti Trust’s recovery from its data incident, and it’s a smart move regardless of how vulnerable you expect to be moving forward. It’s simply much more difficult for malicious outsiders (or insiders) to take control of accounts that require a second form of authentication.
There’s Not a Moment to Waste
If your account or device really has been compromised, it’s true: There’s not a moment to waste. Every minute an unauthorized user retains access is another minute for them to steal your data, corrupt your files, and erode your reputation.
You need to act. And fast.
As we’ve seen, that means working to understand the nature of the threat as soon as you can. It requires you to take measures on your own to attempt to expel the unauthorized user, all the while being careful not to make things worse. You may need to retain a third-party expert to investigate the issue and help you restore your systems and data.
You know what to do. Let’s hope you’ll never have to put this knowledge into practice.
She works as an editor at Research Snipers.