12-Step Program for “Hacked-Anonymous”

March 3rd, 2018

Priyanka Shitole

Priyanka Shitole

Jane: “Hi, I am Jane, and I have been hacked.”

Group members: “Hi, Jane!”

At one point or another, most us have been victims of the identity theft, website and email hacks, and cyber threats. While we can’t completely stop such intrusions, we can most certainly take preventative measures and ensure that intruders and bots won’t easily hack their way into our online accounts and lives. Better safe than sorry!

  1. The three Ts. Understand, accept, and admit that if given the right Ts – Tools, Talent, Time – anything and everything can be hacked.
  2. Follow password hygiene. Always use a unique and strong password for every online account. If any account has been hacked, promptly change the password for all the compromised accounts. Use a new unique password that has not been used before. A stronger password is: minimum eight characters, at least one uppercase, one lowercase, one number and one alphanumeric character. It should not include your name, your pet’s name, birthdate, etc.
  3. Check recent activity. View the sign-in history for each device or browser on which your account was accessed. If you see something unusual, contact the service/software provider and report the violation.
  4. Confirm recovery options. Verify backup email address, password-recovery email address, security questions and answers attached to the account. Make sure backup email address and question/answers are valid and current. If anything seems out of place, update recovery and security information after changing the account password.
  5. Verify configuration. Check account settings to see if there are any changes you didn’t configure. These can include:
    • Filters
    • Signature
    • Sending name
    • Auto-forwarding
    • Reply-to address
    • Vacation response
    • Blocked addresses

    If these configurations seem to have been tampered with, then promptly delete the unauthorized changes.

  6. Spring-clean regularly. Just like your home, your devices and accounts need to be tidied up often. Scan laptops, desktops and even cell phones, using anti-virus softwares. Delete/uninstall unused applications, softwares, files and programs. Data tends to get corrupted and vulnerable if not used for long. Verify the apps connected to your account and the apps you’ve given permission to access your information. If you haven’t used any of these apps in long time, revoke the access. You can always add them back when needed.
  7. Report incidents to IT or the service provider. It is never too late to report any suspicious activity or mishap to an IT professional. If your account is hacked, then you might be putting the entire network (of office or home) at risk of getting hacked. If notified on time, the IT team can take measures to prevent the further damage.
  8. Never share passwords. Don’t share or email passwords to anyone, or store passwords in an email, open-space, or on the computer where it is easy to find. Verify the recent account changes – when the password was last changed, password hints, personal information, security questions. If someone accesses your email account, they don’t just get access to your emails, but also to your personal and financial information. Reconsider what you store in emails.
  9. Watch your social steps. As technology bridges the gap between personal, social and professional life in an attempt to connect people, your information has never been more out there, very easy to find and misuse. It has become more important than ever to think twice before posting, sharing, updating social profiles or statuses. Limit the amount of information you display in public and on social networks. Not all of your hundreds of friends and followers are your real friends.
  10. Bookmark as needed. We all visit a few websites regularly, such as bank, online shopping websites, social platforms, work-related websites, schools and kids-related portals, etc. Bookmark these trusted websites. By doing so, you will avoid accessing any similar but hacked website. If you access a website that has been hacked or is a source of spam, you risk infecting your device or compromising the data on your device and network. Never access any account that requires a login and password from a public network, such as an airport, train station, coffee shop, etc.
  11. Think before you download. It might be easier to take back words once spoken than a virus once it has nested on your device. Always validate the legitimacy of any program, game, app, video, or song before downloading it. Look for https or the green lock in the browser toolbar where you see the web address. It shows that the site is secure to access. Never click on any funky pop-ups. That is the first sign of a website infected with spam. If something doesn’t feel or look right on a website, most likely it is not. Exit the browser immediately. Make sure no pop-ups remain open.
  12. Make amends. If you get hacked despite all these preventive measures, follow the post-hack steps mentioned above. Once you have made sure your accounts are secure again, send an email to your contacts saying you were hacked. Nothing wrong with letting your contacts know about it. In fact, by sending an email, you are making them aware of the potential threat they may have been exposed to or the spam emails that might have been sent from your account, which stops them from opening or clicking.

Protect yourself and your network by taking simple steps to ensure sanity of your personal, social and professional life.

Posted in Blog