In our last article we gave practical tips on how to prevent yourself from being hacked. But, what do you do if you have been hacked? Unfortunately, because technology is such a huge part of our lives that means that the risk of getting hacked is always present. Here are a few tips you can follow to secure yourself and your accounts after being hacked.
The absolute first thing you should do is change your password.
A strong password is unique, includes upper case and lowercase letters, numbers, and special characters. You can use a mnemonic device to help you remember complex passwords, such as the first letter of every word in a song.
- TtL$hiwWYA5 (Twinkle, Twinkle Little Star with special characters and a number)
- To make this process easier, consider using a password manager for secure password storage. This will help keep passwords organized and secure. LastPass or Dashlane are two great recommendations.
Enable multifactor authentication (MFA) on your account.
Preferably via an app (e.g. Google Authenticator). If MFA is not offered for your account, you should consider either switching account services or not using the account because of a lack of security.
Update your account recovery questions.
Recovery questions should not include things easily guessable or searchable, such as your mother’s maiden name or a pet’s name. Consider putting in something unique such as a randomly generated password from a password manager as the answer to these questions. The answer to the recovery question does not have to be the actual answer to the question. Be sure to document them in a safe place, such as a Password Manager.
Enable account login notifications if that is offered.
This can help if your account is compromised and can speed up the recovery process.
Log out of your account on all devices.
E-mail providers like Google offer this option to disconnect e-mail from linked devices.
Check the login logs for your account.
Most cloud services log each and every time you log into your account. You can see when and from where your account has been accessed. This can help in conjunction with logging out of your e-mail on all devices.
Check the e-mail settings if you use an e-mail client (e.g. Outlook/Thunderbird) to ensure you are using SSL. If you don’t use SSL and you use an open WiFi connection, your e-mails can be read and/or intercepted.
Use fraud alerts
If the account that was hacked is a financial account, add a fraud alert to your credit report as soon as possible. This will make it harder to open a new account under your name if your identity has been stolen. Adding a fraud alert is free, good for 90 days, and if you add it to one credit reporting agency it will be reported to the others.