
Help, I’ve Been Hacked!

Dec 16, 2021 | Small Business Security, Updates & Thoughts

Steps To Stop Hackers Breaching Security by Emails and More

Cybercrime is the fastest-growing crime in the USA – it’s true. In 2021, digital incidents cost businesses of all sizes US$200,000 on average. Moreover, the worldwide cost is expected to reach US$6 trillion by the end of 2021. That’s trillion, with a T.

Sadly, small businesses are a frequent target of hackers, receiving 43 percent of all attacks. What’s worse is that most are largely unprepared to defend themselves. As the Coronavirus pandemic has increased business reliance on remote workforces, it has also provided a basis for large-scale spam campaigns. These tend to use the crisis as a pretext or cover to spread ransomware, install banking malware and direct users to fraudulent webpages about COVID-19. For these reasons, it has become more important than ever to know how to determine if you’ve been hacked, and, if so, what you should do about it.

 

What Is Hacking? A Quick Definition

Hacking is the process by which an unauthorised party attempts to find and exploit weaknesses in a computer system, device or network in order to gain access. The aims of hackers can include stealing information, identity theft, ransomware, vandalism, bringing down major websites, protest, destruction of the system itself or simply personal amusement.

 

How To Know If You Have Been Hacked?

Emails are a common target for hackers. According to Symantec’s 2017 Internet Security Threat Report, 1 in 131 emails contained malware in 2016, the highest rate in 5 years.

Many email hacks start out with forged “phishing” emails. These appear to be legitimate email messages from a reputable company or friend, but they contain links or attachments that download harmful malware onto your computer. It’s important to know the signs of a phishing email so you can avoid being hacked. Example: have you ever received an email from “PayPal” asking you to update your account information? If so, bad news: in all likelihood, it was a fake. Curiously, as careful as phishing scams are to appear technically plausible, they are often betrayed by sloppy spelling and poor grammar. Weird email addresses are another tell. Be wary of anything purporting to be from PayPal but which has an address like info@playpal.com or paypal.official.notices@hotmail.com.
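The two address tells above can be checked automatically. The following Python sketch is an added example, not part of the original article; the `TRUSTED` and `FREE_MAIL` lists and the distance threshold of 2 are assumptions chosen for illustration.

```python
# Added illustration: flag sender addresses that imitate a known brand.
# TRUSTED, FREE_MAIL and the threshold are assumed sample values.
from email.utils import parseaddr

TRUSTED = {"paypal": {"paypal.com"}}  # brand -> domains it really sends from
FREE_MAIL = {"hotmail.com", "gmail.com", "outlook.com", "yahoo.com"}
MAX_DISTANCE = 2  # how many typos still count as a lookalike


def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_sender(from_header):
    """Return a list of reasons the From address looks like impersonation."""
    _display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    if not local or not domain:
        return ["unparseable"]
    labels = domain.split(".")
    # Naive registrable name: the label before the TLD (ignores co.uk-style suffixes).
    name = labels[-2] if len(labels) >= 2 else labels[0]
    reasons = []
    for brand, real_domains in TRUSTED.items():
        if domain in real_domains or any(domain.endswith("." + d) for d in real_domains):
            # The brand's own domain. The From header can still be forged,
            # so this is not proof the message is genuine.
            continue
        if 0 < edit_distance(name, brand) <= MAX_DISTANCE:
            reasons.append("lookalike-domain")       # e.g. playpal.com
        if domain in FREE_MAIL and brand in local:
            reasons.append("brand-on-free-webmail")  # e.g. paypal...@hotmail.com
    return reasons


if __name__ == "__main__":
    for sender in ('"PayPal" <info@playpal.com>',
                   "paypal.official.notices@hotmail.com",
                   "service@paypal.com"):
        print(sender, "->", check_sender(sender) or "no address tells")
```

An empty result only means the address itself shows neither tell; the links and attachments in the message still need the caution described above.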

If you have clicked on one of these phishing emails, you may start to notice suspicious activity on your accounts. Some of the more common accounts that get compromised include bank accounts, social media sites and apps on your local PC that contain sensitive information. 

The signs of hacking to watch out for with respect to online platforms are:

  • Emails from service providers alerting you to suspicious activity or an unknown device accessing your account
  • Friends receiving social media invitations from you that you didn’t send
  • Online passwords that no longer work
  • Missing money from online accounts
  • Notifications that your credentials have been compromised in a password dump.

 

For attacks on your local PC, things to look out for include:

  • Ransomware messages
  • Pop-ups
  • Unwanted browser toolbars
  • Fake antivirus messages
  • Redirected internet searches
  • Unexpected software installs
  • Your antivirus program being disabled.

For most attacks, your immediate course of action should be to change the passwords on your local PC and affected online services. For financial accounts, make sure you check for unauthorised charges and notify the financial institution so that appropriate blocks can be placed on your accounts and associated credit cards.

One of the most serious kinds of attack is ransomware. In this scenario, the threat actor hacks into your PC and takes all of your important files hostage (usually by encrypting them) until you pay a fee – usually in Bitcoin or some other form of cryptocurrency – to unlock/decrypt your data. It is estimated that about 50 percent of victims pay the ransom, incentivising hackers and making this attack one of the most often attempted. 

If ransomware does infect your system, you may have very little time to act before it begins encrypting all of your files. Unless you have a backup plan in place, you will have no way of retrieving the files without paying the ransom. Even if you do pay, it might not do any good. An article from Forbes cites statistics that only 8 percent of businesses and people who pay ransomware demands actually get their data back.

 

Protecting Yourself From Being Hacked

In cybersecurity, as in so many things, prevention is better than the cure. Some steps you can take to protect yourself from ransomware and other forms of online attacks are:

  • Using strong, unique passwords for all your accounts. The key to creating strong passwords is to mix several different types of characters, numbers and special symbols. And, in general, a long and simple password – such as mittensisthenameofmycat321 – is often better than a short and complex one, such as &tT%6gu7. Avoid using the same password across several sites or accounts and do not write your passwords down. Instead, you can utilise a password manager to help you create complex passwords, as well as store your passwords securely.
  • Using two-factor authentication (2FA). Where available, this adds an extra layer of security to your accounts by requiring a special PIN or password from a physical device (such as an SMS system or an authenticator app on your smartphone) when you log in from a new device. 2FA is especially important for financial and online shopping accounts. 
  • Keeping your computer software up to date by installing all security updates and patches. Updates often fix vulnerabilities that allow ransomware and malware to infect your system.
  • Only installing software from reputable companies and downloading apps from official app stores. Hackers often release fake versions of popular software to infect your computer. In figures from 2017, more than 3 million malicious apps were detected in the Asia-Pacific region alone.
  • Having an antivirus program installed with spam filters turned on at all times when browsing. While antivirus software isn’t perfect – its hit ratio has been found to be 50-75 percent – it is, nevertheless, better than nothing as a first line of defence.
  • Having a firewall protecting your corporate network.
  • If you suspect that an email is a phishing email, delete it. Do not click on any links or open any attachments.
  • If you’re ever asked for personal information via an email or social message from a friend or colleague’s account, talk to them first before giving away anything possibly sensitive.
  • Backing up all your files and important documents to a separate storage device that is not connected to your computer. Do this regularly and periodically test it by restoring the backup. If you do have a ransomware attack, you’ll be able to easily roll back to a clean system.

 

Summary

Hacking is becoming more prevalent and pervasive, costing businesses large and small an increasing amount of money each year. While there are steps you can take to minimise your risk, they may be no match for a determined and smart hacker. Internet 2.0’s solution offers best-in-class protection and is managed by a team of ex-military and ex-intelligence cyber experts. What this means is you can just turn to the experts rather than hiring dedicated staff to maintain your security. If you’d like to understand how you can protect your business, contact Internet 2.0 today for a confidential conversation.