Blog Posts

You’ve Been Hacked: 6 Steps on the Road to Recovery - 1Path

Written by 1Path | May 7, 2024

Cybersecurity

In the time it takes you to read this article, half a dozen users will be subjected to a hacking attempt. An attack occurs every 39 seconds, which means over 2,200 attacks a day. With numbers like that, the odds of your company being attacked are steep, and a successful attempt will cost you time, money, and consumer trust. While the goal is to always avoid being hacked, the sobering reality is, sometimes, it happens.   

If you’re hacked, you’ll need to move quickly to prevent losses and mitigate damage. Certain actions are essential to your company’s recovery. Other steps will prevent your company from being hacked in the future. 

In the unfortunate event that you think you’ve been hacked, here are the first 6 steps on the road to recovery:  

1. Verify the Attack

A hacker doesn’t want to be discovered; the longer he stays in hiding, the longer he can continue attacking. For this reason, it might not be obvious that an attack has occurred at all (though there are a few telltale signs that something’s awry). Thus, it’s important to be aware of your normal network operations so that you can tell when something’s off. And once you know something’s wrong, it’s a matter of determining what.  

2. Assess the Attack: What Kind of Hacker are you Dealing with?

Hackers have numerous motivations, and it’s important to know what your hacker was after and whether he was successful. Is the hacker trying to impersonate you? Steal your data? Ransom your files for money? Your next steps will vary depending on what information was taken… and what was done with it.    

You might have to alert your clients about stolen files, or you might need to make the difficult decision of whether to pay a ransom. You also might need to check your back-ups or call your MSP to see what’s salvageable. But regardless of the attack type, your next step remains the same: 

3. Take the Infected Computer off Your Network 

As we explain in our eBook, a secure network is imperative to a secure business. If you’ve been hacked, you’ll need to take the affected computer off the network to stop the spread of attack. Think of it like any other virus: if a coworker’s sick, she’ll stay home, and if your child has a temperature, he won’t go to school that day. If a computer is “sick,” it can’t hang around the other computers, because one of the worst things about a virus is its ability to spread. However, in case you don’t take it off early enough, it’s also important that you… 

4. Alert your Coworkers

If a hacker has compromised your computer, it’s only a matter of time before that virus hits your coworkers, too. Similarly, if a hacker was able to phish you for information, your coworkers need to know about his scam. Staying informed is critical to staying safe, and the more security measures taken, the better. For that reason, the next thing you should do is:  

5. Change Your Passwords

If a hacker has control of one account, chances are he actually has access to many accounts. We tend to reuse passwords/make them personal and super easy to guess, so it’s easy for a hacker to take your Facebook information and apply it to your LinkedIn account. He can then modify your LinkedIn password and use it to access your work files. In a matter of minutes, the hacker’s broken into all your accounts, all because of a bad password. A single weak point.  

6. Determine How the Hack Occurred (and Make Sure it Doesn’t Happen Again!)

In order to stop a hack from occurring a second time, you need to understand what went wrong the first time. Was the hack due to user error? A vulnerability in your software? Multiple factors? Whatever went wrong needs to be righted—this might mean extra employee training, new cybersecurity initiatives, or installing new protections (like MFA and SSO). In certain cases, it means all three. Regardless, change needs to be the end result of a breach. Because if you don’t change, you’re opening your company up to a second attack, and that next attack might not be recoverable. 

None of us wants to be hacked, but even the most secure companies still have vulnerabilities. In the event that your accounts become compromised, move quickly and purposefully, and find out how the hack happened. A hack is never a good thing, but if you take the right steps, it can be a “less bad” thing. Even better, a hack can become a learning experience and ensure that you aren’t hacked again.