You do all the right things like running antivirus software and being careful about the websites you visit and it can still happen, you can still get hacked. Exploits are getting increasingly sophisticated and even the most tech savvy can suddenly find themselves vulnerable. Getting hacked does not necessarily imply that you did anything wrong; sometimes it just happens. What you do after the discovery is far more significant than getting hacked in the first place. After you’ve been hacked is not the time for recriminations, it’s the time for direct action.
The first steps will keep the damage from getting any worse, then we’ll proceed to the cleanup. Computer exploits are marvelously malevolent these days. The initial hack can open up a window to your computer’s soul and start installing a myriad of nasty programs that make clean up next to impossible.
First Call Your Bank, Investment Broker and Credit Card Companies
You have to be a little careful how you do this because a panic phone call to your bank can leave you without any cash to live on. Explain to them that you think your computer or other online accounts may have been compromised and request a fraud watch. This is less necessary today than in the past because banks are more diligent, but notifying them can help clear up any fraudulent charges that occur later. Every financial institution has slightly different policies and capabilities, they’ll tell you what you need to do to secure your accounts. Get a notebook and keep records of dates, times and everyone you talk to.
Implement a Credit Freeze
Step one is to keep hackers from draining your bank accounts, step two is to prevent them from opening up credit in your name. The Federal Trade Commission has an excellent site for anyone who is the victim of identity theft. The safe course is to assume that if your computer has been compromised, your identity has as well. I get that it’s a pain, but it’s easier to head off problems than clean them up.
The Cleanup
After making sure your money and credit reports are secure, now you can address the original computer problem. My solution is extreme but effective; burn it to the ground and start over from scratch. I completely remove the operating system, overwrite the drives with security software and rebuild the entire system from scratch. It’s the technology equivalent of nuking the entire site from orbit. You may need help with that task, which should be easily accomplished by any reasonably competent tech support company. Trying to clean up the hack can sometimes be effective, but in these days of sophisticated rootkits, binary attack vectors that rebuild themselves from fragments and zero day exploits my way is difficult but certain.
Securing Your Online World
If possible try to fix your computer before securing your online accounts because your computer could very well be transmitting your new passwords to the hackers. You can also use a different computer to do this while your old one is being rebuilt. If you use Gmail step one is to change your password and turn on two-factor authentication, which is explained here. That way thieves would need your password and cell phone to get control of your Gmail address. If your current email address doesn’t have two-factor authentication, setup a Gmail address and update all your online accounts with the new email account. If you’re using the same password on all your online accounts, consider getting a password manager like LastPass.
Don’t Trust Your Computer
Finally, you and your computer are going to have an arm’s length relationship from here on out. Storing your social security number, date of birth or bank account numbers on your computer anywhere is a no-no. These days it’s hard to do anything related to banking or investing without working on the internet, but consider having your bank and investment accounts be the two that you keep in your head and never save the password on paper. Sometimes it’s easier to use a phrase as a password, like MyDogHasFleas. If you really want to confuse it substitute some characters for symbols like Myd@gh*sfle*s, which is a very secure password.
I could easily close with the comfortable platitude that online security is just common sense, but that’s simply not true. There’s nothing common about the skill set of people trying to gain access to your computer these days. They are organized, sophisticated and usually operating in countries far from U.S. jurisdiction. Eternal vigilance served with a side of paranoia is going to be your lot online from now on.