“First, do not panic if you think you have been hacked”, says Lisa de Wilde, cybersecurity expert at Computest. She advises organisations that have been the victim of cybercriminals or that want to prepare for a cyberattack.
Have I been hacked?
De Wilde has three examples of possible signs of a cyberattack:
- You cannot open files anymore. A criminal may have locked them.
- Your email provider tells you that they have noticed suspicious activity in your mail program. Or you cannot log in to your email account.
- There are unfamiliar programs on your computer.
Computer on, WiFi off
“If you think you have been hacked, leave your computer on and turn off the internet connection”, says De Wilde. “You might think of immediately turning off your device when you see something suspicious. But that might actually make the damage from the hack worse, and you might delete possible evidence if you turn off your computer.” The cybercriminal can use software to lock your computer, for example. If you turn off your computer, you can erase the criminal’s tracks. And then you cannot find out how they hacked it. That information could be useful for solving the hack.
If you think you may have been hacked, or if you want to know what to do after a hack, you should call on a cybersecurity expert for help.
Find out in time
Cybercriminals sometimes prepare for months before they strike. They can be inside your systems without you knowing it. Your digital valuables, like passwords and customer details, are visible to the cyberthieves. It is as if they are looking over your shoulder. “The longer the attacker stays unnoticed, the more successful and valuable the attack is for the criminal”, explains De Wilde. Since the cybercriminal has had time to get to know your systems, they know exactly which company information is valuable.
Monitoring software can help you prevent someone from entering your system unnoticed. The software sees suspicious situations immediately, so you can do something about it.
You can get used to anything, except a cyberincident
Dangers of a hack
De Wilde has noticed that cybercriminals often have a pattern for their work. “They usually begin by sending a phishing mail, looking for openings in systems that are not up-to-date, or start using a password or other data they got via a data breach.” Then the cybercriminals cause damage in a variety of ways De Wilde gives three examples:
- They take over an email exchange without you noticing and change your invoices. So your customer’s money goes to the criminal’s bank account, instead of yours.
- They steal data from your company and encrypt your work environment so that you cannot access it. Then the thieves ask for money in exchange for giving you access to your systems again. Or they threaten to publish the stolen data if you do not pay.
- They steal confidential company information and sell it on the dark web, a place on the internet where people buy and sell illegal items.
If you have not been hacked, start preparing
If the suspected hack was just a false alarm, De Wilde says you should stay on your guard. “It is no longer the question of whether you will be hacked someday, but rather: how can you keep the consequences of a cyberincident small and manageable?” Be prepared, and make a plan for when it does happen. Think about the following questions:
- Which steps should I take when a cybercriminal hacks my system?
- Who should I tell, and when should I tell them?
- Is there a way I can help my customers without access to my systems? For example via a backup.
- What should I do when the press is at my doorstep (in Dutch)?
- What should I do when there is a data breach?
According to De Wilde, answering these questions will prepare you for a hack. She laughs, but she is also serious: “You can get used to anything, except a cyberincident!