So You’ve Been Hacked

It’s that moment we all dread, when you finally accept the fact that – yes – you’ve been hacked. In the time it takes you to read this blog, a dozen sites will be broken into. An attack occurs approximately every 39 seconds – that’s over 2,000 attacks per day. The hackers have two basic things on their side: time and more time. An experiment was done a few years ago where a server running a completely unpatched version of Windows Server 2003 was hacked within 7min of going online. 7 minutes. With numbers like that, the odds of your company being attacked are steep, and a successful attack will cost you time, money, and consumer trust.

Of course the goal is to never get hacked but with the likes of Equifax, Marriott, Veeam, Capital One, and Yahoo! all being hacked within the last few years, the sobering reality is, it happens and you better be prepared for it. If you discover you’ve been hacked, time is of the essence in order to prevent losses, mitigate the damage, and hold onto customer trust.

In the unfortunate event that you think you’ve been hacked, here are some of the first steps you should take:

Take the Infected Computer off Your Network
This should be an obvious first step – cut off any computer you suspect has been compromised from the network.

Verify You Were Hacked
The longer a hacker can remain unnoticed, the more valuable the information he can obtain. Your biggest advantage here is familiarity with your network and the usual traffic. Thus, it’s important to be aware of your normal network operations so that you can tell when something’s off. And once you know something’s wrong, it’s a matter of determining what.

Assess the Attack
Is the hacker trying to steal your data? Ransom your files for money? Your next steps will vary depending on what information was taken… and what was done with it. You might have to alert your clients about stolen files, or you might need to make the difficult decision of whether to pay a ransom. This is where having a good backup policy in place can really save the day. If your data has been encrypted, paying the ransom only encourages the hackers to do this again. If you also read our previous post, The Importance Of Backups, you’ll see why having a good backup policy and a backup testing policy in place are critical.

Alert Your Coworkers
If a hacker has compromised your business, it’s only a matter of time before they have full access to just about everything – which includes all your coworkers’ data. Similarly, if a hacker was able to phish you for information, your coworkers need to know about his scam. Staying informed is critical to staying safe, and the more security measures are taken, the better.

Change Your Passwords
This one should need no explanation. However, you need to take this important step and also make sure that you are not repeating any passwords throughout the various sites you may use. If you have used the same password in multiple places, these ALL need to be changed.

Determine How the Hack Occurred
“Those who do not read history are doomed to repeat it.” – George Santayana. Was the hack a result of user error, a vulnerability in your software, poor security practices? Usually, there are multiple weaknesses that are exploited in order to gain access to a system. Regardless, once you find what went wrong it needs to be righted. This might mean extra employee training, new security initiatives, or installing new protections such as Multi-Factor Authentication (MFA). The end result of a breach must be changed. If you don’t change, you’re opening your company up to a second attack, and that next attack might not be recoverable.

It’s a point of pride among system administrators that they’ve never been hacked, but even the most secure companies still have vulnerabilities. A hack is never a good thing, but with the right steps, it can be a “less bad” thing.

Written by Joe