Detecting a hack
Depending on the case, detecting a security problem can be trivial or, on the contrary, an extremely complicated or time-consuming process. For example, a provider may alert a company that it has suffered a leak in its services that has left data exposed, or the company may have malware installed on one of its devices that collects company information without the company’s knowledge.
Assuming that the company in question does not know if it is a victim, a series of suspicions will be triggered. What kind of suspicions? There are a number of signs that can confirm or at least make us investigate a suspected problem a little further. Some of these signs might be:
- The device’s battery drains faster than usual.
- Your device runs slower than usual, or you notice that it starts to get warmer.
- Applications appear that the company in question has not installed, or even messages or calls that you have not made.
- Unauthorised purchases appear.
- Open sessions are closed, or you receive unsolicited two-factor notifications.
- Random windows appear.
- Browsing errors appear on certain web pages.
- Passwords do not work.
- Files on the company device, such as documents or photos, have errors or strange extensions and cannot be opened.
The above signs already show that there is a security problem that the company should be concerned about. Even so, they can still appear
and gather evidence of anything we find. For example, if we detect unauthorised access to one of our accounts, take a screenshot of the problem and note when it occurred.
Determine the scope and impact
Once we have (unfortunately) confirmed a breach of our information or device, we should carry out an analysis of the scope and impact it has had on our data.
In terms of scope, we need to determine ‘how far’ the attack has reached. That is, analyse which devices and/or accounts may have been altered, whether it has had an impact beyond the exposed environments, verify whether the problem affects third parties or corporate environments, etc. In other words, detect and identify the affected assets.
On the other hand, we also need to determine the impact that the security problem has had. While it is true that this may be a relative assessment and not as well defined as the scope, we must analyse the type of data affected by the problem in question. For example, it does not have the same impact on us if our public profile on a social network is leaked as it does if our personal holiday photos or our bank details are leaked.
Both the scope of the problem and its impact will greatly help us in taking measures and in the subsequent actions to be taken to mitigate the problem.
Carrying out this type of analysis should not take an excessive amount of time. The intention is not to spend hours on it, as it is also important to act with the appropriate speed, but to try to gather as much evidence as possible to help us later.
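The two steps above (collect evidence with timestamps, then establish the scope: which accounts and devices were touched, and when) can be done methodically rather than by eye. The following is an added example, not code from the original post: it assumes the account provider lets you export recent activity as plain lines of the form `<ISO timestamp> <account> <event> device=<name> ip=<addr>` (a constructed format), and the sample export, the device names and the IP addresses are constructed. It flags the warning signs the post lists (logins and two-factor prompts from a device you do not recognise, sessions being closed), writes them out as a timestamped evidence log, and summarises the scope per account.

```python
"""Triage an account-activity export: flag suspicious events and map the scope.

Added example, not part of the original post. The export format, the
KNOWN_DEVICES list and the sample lines below are all constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Devices the owner recognises as their own (assumption: kept by hand).
KNOWN_DEVICES = {"work-laptop", "personal-phone"}

# Constructed sample export. "unknown-android" plays the unrecognised device;
# the IPs are documentation ranges (RFC 5737), not real hosts.
SAMPLE_EXPORT = """\
2024-05-02T08:01:10 mail login device=work-laptop ip=203.0.113.10
2024-05-02T21:42:05 mail 2fa_prompt device=unknown-android ip=198.51.100.7
2024-05-02T21:42:31 mail login device=unknown-android ip=198.51.100.7
2024-05-02T21:45:00 mail session_revoked device=work-laptop ip=198.51.100.7
2024-05-02T21:50:12 bank 2fa_prompt device=unknown-android ip=198.51.100.7
2024-05-03T07:30:00 mail login device=personal-phone ip=203.0.113.11
"""


@dataclass
class Event:
    time: datetime
    account: str
    kind: str
    device: str
    ip: str


def parse_export(text):
    """Turn the export lines into Event objects; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, kind, *pairs = line.split()
        fields = dict(item.split("=", 1) for item in pairs)
        events.append(Event(datetime.fromisoformat(ts), account, kind,
                            fields.get("device", "?"), fields.get("ip", "?")))
    return events


def flag_suspicious(events):
    """Return (event, reason) pairs matching the warning signs in the post."""
    findings = []
    for ev in events:
        if ev.device not in KNOWN_DEVICES and ev.kind in ("login", "2fa_prompt"):
            # A login or an unsolicited 2FA prompt from a device we do not own.
            findings.append((ev, f"{ev.kind} from unrecognised device {ev.device}"))
        elif ev.kind == "session_revoked":
            # One of our open sessions was closed; the owner confirms whether it was them.
            findings.append((ev, f"session on {ev.device} was closed"))
    return findings


def evidence_log(findings):
    """Timestamped lines to keep alongside screenshots ('note when it occurred')."""
    return [f"{ev.time.isoformat()} {ev.account}: {reason} (ip {ev.ip})"
            for ev, reason in findings]


def summarise_scope(findings):
    """Scope as the post defines it: affected accounts, when, and from where."""
    scope = defaultdict(lambda: {"first_seen": None, "last_seen": None,
                                 "actor_ips": set(), "reasons": []})
    for ev, reason in findings:
        entry = scope[ev.account]
        entry["first_seen"] = ev.time if entry["first_seen"] is None else min(entry["first_seen"], ev.time)
        entry["last_seen"] = ev.time if entry["last_seen"] is None else max(entry["last_seen"], ev.time)
        entry["actor_ips"].add(ev.ip)
        entry["reasons"].append(reason)
    return dict(scope)


if __name__ == "__main__":
    found = flag_suspicious(parse_export(SAMPLE_EXPORT))
    print("\n".join(evidence_log(found)))
    for account, entry in summarise_scope(found).items():
        print(f"{account}: {entry['first_seen']} .. {entry['last_seen']}, "
              f"ips={sorted(entry['actor_ips'])}, {len(entry['reasons'])} signs")
```

On the constructed sample this flags four events (two on the mail account from the unrecognised device, the closed laptop session, and a two-factor prompt on the bank account), so the scope is two accounts, not one, which is exactly the kind of "how far did it reach" answer the post asks for before choosing measures.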
Take measures
When faced with a security problem, we have an obligation to act. It is no use standing still or ignoring what has happened, as our data and, practically, our lives are at stake. Furthermore, this type of action should be taken with a certain degree of speed, as the problem can become much bigger with every second that passes.
Depending on the type of attack and the resulting security problem, we have to act in different ways, as the measures to be taken will also be different. Below are the most common changes and actions to take depending on what has happened:
- Change passwords. Changing our passwords is something we will almost always have to do in the event of a breach. Therefore, it is best to access all accounts and change the password. It is also important to check whether two-factor authentication has been altered, if used.
- Close open sessions. Depending on the account or service, it is possible to have a session open continuously. In addition to changing passwords, it is also important to log out of all devices, even if they are legitimate.
- Disconnect from the network. If we detect that the attack is concentrated locally on our device, it is a good option to disconnect it from the network. This means removing the cable or Wi-Fi, leaving it isolated and without external connections.
- Block bank cards. We usually have our bank details and cards associated with accounts registered on different websites. If they manage to access any of these environments and obtain the data, unauthorised purchases could be made, so temporarily blocking your cards is a good security option.
- Uninstall apps. Sometimes we may find strange apps that have not been installed intentionally. If this happens, uninstall the apps and try to delete any residual files.
- Restore your device. Sometimes, even a thorough clean-up will not completely eliminate the problem. In this case, a good option is to format or factory reset your device and ‘start from scratch’.
- Check social media. Social media is a perfect showcase for spreading malware, so we must ensure that no one has accessed our networks, sent illegitimate messages or made unauthorised posts.
- Perform a malware scan. There are many security tools that allow us to scan our devices for malware. Performing these types of routine scans is a good way to protect yourself and/or detect potential problems.
- Erase the disk. This is perhaps one of the most radical options available, but in certain cases, it is the only way to completely eliminate the problem. Formatting the entire device and ‘starting from scratch’ is one way to clean your device.
The circumstances and the way in which a possible hack is dealt with can vary, as mentioned above. Even so, the aim is to have a small action plan in place so that we know what to do at all times and do not freeze.
Notify the authorities
Once the corrective measures have been taken to resolve the security problem, we can notify the relevant authorities and report the incident. In this regard, both the National Police and the Civil Guard have websites where you can contact them and report the incident.
Notifying or informing is not the same as reporting. If you have been the victim of a computer crime such as online fraud, or even abuse such as threats, insults, etc., then you can report the incident to the authorities. In these cases, the only difference is that you must go to the relevant authority’s office and file the corresponding complaint. What I consider advisable in these cases is to prepare or carry out a preliminary analysis of the scope and impact, so that the complaint is as complete as possible.
Review and increase your level of security
In general, if you have been the victim of a security incident and your information has been accessed, it usually means that there is something that is not properly configured in relation to cybersecurity. This being the case, and in order to avoid repeating this unfortunate situation, you need to thoroughly review all possible security measures, establishing as many barriers as possible.
As before, depending on the type of attack received and the information that may have been leaked or damaged, the measures to be taken will vary. Below are a series of recommendations that should be adopted from the outset in order to reduce the risk of an attack:
- Be careful with passwords. As this is the default validation mechanism in any application, we must maintain secure and independent passwords for each site. We can use password managers, biometric systems or even adopt other solutions such as the ‘passwordless’ world.
- Enable two-factor authentication. If we have not already done so, we should enable it on all accounts where possible. Two-factor authentication (2FA) or multi-factor authentication (MFA) is one of the best ways to protect our accounts.
- Keep your systems up to date. Device and application updates are very important for fixing vulnerabilities. These update packages contain numerous security patches.
- Use anti-malware systems. Anti-malware protection systems have become ‘security suites’ that provide value beyond active protection. Using these types of solutions can greatly help protect your equipment.
- Unknown applications (or hardware). We must pay special attention to unknown applications, taking our time to analyse them. Similarly, do not connect any unknown devices to your computer, as they may contain malware.
- Be cautious with links, messages and/or fraudulent calls. Before accessing any link, no matter how trustworthy it may seem, we must evaluate it and check whether it is legitimate. The same applies to messages and calls: never give out personal information and run away if you notice any suspicious activity.
- Use of prepaid cards. When shopping online, it is common to add a credit card or even a bank account. If your account is stolen, they will be able to make purchases. To avoid this, we recommend using prepaid cards, which, even if stolen, will not have any funds available.
- Make backup copies. Although making a copy of your data is a passive mechanism, it is important to have a backup of your information to avoid subsequent losses.
- Stay informed (and spread the word). Information is power, and paying attention to the latest developments in the world of cybersecurity is important. Knowing whether your device model has vulnerabilities, whether you are the target of phishing campaigns, etc. provides extra security. Similarly, if you have experienced an incident of this type, you should inform those around you so that they can remain alert.
We still have questions…
It is normal to have questions when faced with a cybersecurity incident. Fortunately, it is not something that happens to us every day, and when it does, it can be stressful and uncomfortable.
If, at this point, we still don’t know how to tackle the problem, there is a fantastic service available to help us. This is INCIBE on its citizen portal. This is a government help service that allows us to consult multiple cases and situations. From this portal, we can identify new attacks, vulnerabilities in our devices, cybersecurity news, etc.
In addition, INCIBE provides citizens with a free telephone number where they can ask any questions they may have and find out how best to respond to a possible cybercrime. It is also available via instant messaging apps and in person.
The statement and question that give this post its title can be a real headache if, when the time comes (hopefully never), we find ourselves having to deal with this problem.
In these cases, it is best to have a clear idea of what to do and know how to act correctly, accurately and quickly. Therefore, the following information explains how to detect a possible security problem and act as diligently as possible to achieve the best results.