So, your email has been hacked! Well this is very likely in the age of ransomware and malware attacks and especially when sophisticated,socially engineered attacks are reported. More than 80% of the breaches in companies are via email hacks. Somebody, somewhere in the organization ended up activating the macro or the malicious code which lead to the compromise. Your email possibly has all the sensitive personal information and needs immediate attention when it is hacked more so, in companies where the account is connected to a larger company network. Your email account might also include the communication from your financial service providers, crucial business information, project informationetc and everything is highly important.
Things you should do when your email is hacked
- Clean the system using antivirus- When the network is breached, it might take weeks, even months before the penetration of attack can be ascertained. The first step which needs to be done is running an end-to-end system scan. Its possible that hackers don’t just want your mail account about a lot more information which might be on your systems and network. Hackers typical want to hold you ransom for any reason which might be of importance to the company, hence a full system scan or all the endpoints is important to find any residue of malicious code in the system and isolate the machines breached.
- Redo all the passwords you have been using- Once your system is cleaned, the next thing you should do is change the passwords for all the accounts you were using. Try to adhere to strength measure of the password and try to make it unpredictable. Employee’s must also have some basic hygiene related session for attending to unknown mails.
- Spread the news- it’s a good idea to tell people in your contact list that you were hacked. During the period the hackers had control they could have sent tens of, hundreds of mails to people.
- Report the hack- This is again a crucial step, reporting the hack to CERT or any other industry body. This will not help improve the preventive steps but also forewarn others in the network of breach.your email provider. This way the bodies can actually track the spam-based behavior from your account or any other vulnerabilities.
- Figure out the vulnerability as quickly as possible because until the vulnerability is caught and patched the systems, companies are exposed to danger.
Companies must use the state of the art security measures to test the vulnerabilities regularly as well as upgrade the security. Also, the most important actor in the whole process are the user of the technology. There should be regular awareness programs conducted in companies. Usually there is someone in the organization who let the guard down or did something simple to cause a massive breach.
Remember, persistent attackers eventually succeed. Corporate espionage, Phishing scams as well targeted, nation-state attacks end up succeeding and getting the information attackers need. The only way to keep safe is changing the ideology from ‘Protection to Prevention’. Using the advanced Threat intelligence technology which uses the Machine Learning driven algorithm making protection technologies smarter.