How to Respond
If you believe your computer or device has been hacked, the sooner you respond the better. If the computer or device was provided to you by your employer or is used for work, do not try to fix the problem yourself. Not only can you cause more harm than good, but you could also destroy valuable evidence that can be used for an investigation. Instead, report the incident to your employer right away, usually by contacting your help desk, security team, or supervisor. If for some reason you cannot contact your organization, or you are concerned about a delay, disconnect your computer or device from the network and then put it in sleep, suspend, or airplane mode. Even if you are not sure if you have been hacked, it is far better to report it just in case. If the computer or device is your own for personal use, here are some steps you can take:
- Change Your Passwords: This includes not only changing the passwords on your computers and mobile devices, but for all of your online accounts. Be sure you do not use the hacked computer to change the passwords. Instead, use a different computer or device that you know is secure to change the passwords.
- Anti-Virus: If your anti-virus software informs you of an infected file, you can follow the actions it recommends. This usually can include quarantining the file, cleaning the file, or deleting the file. Most anti-virus software will have links you can follow to learn more about the specific infection. When in doubt, quarantine the file. If that is not possible, then delete it.
- Rebuilding: If you are unable to fix the infection or you want to be absolutely sure your system is fixed, a more secure option is to rebuild it. For computers, follow your system manufacturer’s instructions. In most cases, this will mean using the built-in utilities to reinstall the operating system. If these utilities are missing, corrupted, or infected, then contact your manufacturer for guidance or visit their website. Do not reinstall the operating system from backups; they may have the same vulnerabilities that allowed the hacker to originally gain access. Backups should only be used for recovering your data. For mobile devices, follow the instructions from your device manufacturer or service provider, these should be on their website. In many cases, this may be as simple as restoring your mobile device to factory default. If you feel uncomfortable with the rebuilding process, consider using a professional service to help you. Or, if your computer or device is old, it may be easier and even cheaper to purchase a new one. Finally, once you have rebuilt your computer or device (or purchased a new one) make sure it is fully updated and current and enable automatic updating whenever possible.
- Backups: The most important step you can take to protecting yourself is to prepare ahead of time with regular backups. The more often you back up, the better. Some solutions will automatically back up any new or changed files every hour. Regardless of which backup solution you use, periodically check that you are able to restore those files. Quite often, recovering your data from backup is the only way you can recover from being hacked.
- Law Enforcement: If you feel in any way threatened, report the incident to local law enforcement.