It’s a sinking realization: I’ve been hacked.
Not unlike having your wallet stolen or your car broken into, there’s a huge feeling of violation when you realize someone has been inside the account, software or system you thought you’d secured. What’s worse, it may be more than your own data and information that’s been compromised.
Hacking can take many forms, including using randomizers to effectively guess passwords, collecting private information through digital scams, and enticing users to click on malicious links or downloads. No matter how it happens, hacking is a cybersecurity breach that potentially compromises data and systems by seizing on a vulnerability.
Even if you’ve researched your software’s security systems, used our six cybersecurity tips to avoid hacks and enabled best practices, hacks still happen. The question is: What do I do next?
Change Your Password and Tap into Security Features
If you can still access your account, log in and change your password. Make sure to follow guidance for secure passwords:
- Make it long, as in double digits in length.
- Use a mix of numbers, uppercase and lowercase letters, and special characters.
- Don’t include real words or numbers that stand in for a letter, such as “@” for “a.”
- Avoid verifiable personal information, such as your year of birth or favorite athlete’s number.
- Create a password that you’ve never used on any other site.
Meeting these requirements and storing unique, secure passwords can be much easier with a password manager tool. But don’t worry about setting that up just now. Focus first on getting your password changed immediately.
Check whether there are any other security measures you can immediately take, such as logging yourself out of all devices, setting up two-factor authentication or installing software updates. These can eliminate the hacker’s access.
Get in Touch with Your Provider
If someone has been in your account, let the platform provider know about the security breach. This can protect you in case there’s fraudulent activity or spending related to the breach, including for bank accounts and credit cards. It may help the company shore up security loopholes, or spread the word to other customers about a new phishing scam.
The provider may suggest getting in touch with authorities, depending on the source of the hack and the information that’s vulnerable. Police should take information compromises seriously.
The service or account provider may be able to help you with security features, such as two-factor authentication, secure password verification or logout from all devices, to keep your account safer immediately. The representative may also be able to flag your account for further monitoring or suspicious login attempts.
Here’s how to get in touch with a few of our favorite solutions providers:
- QuickBooks: Contact through Intuit’s security portal, or click the Help button when logged in to QuickBooks for chat.
- Bill.com: Contact through Bill.com’s Security Center, or click the Support button when logged in to Bill.com for chat.
- CashFlowTool: Contact through phone, chat or email options on the CashFlowTool help and support page.
If a service you use has been hacked on a systemwide level, the company should reach out to you through in-account messages or via email. You can always reach out proactively if you hear about the cyberattack on the news. Often, the company is able to notify you whether your specific account was compromised by the security breach, and it can let you know how it resolved the hack.
Communicate with Your Customers
Just like you expect a platform to notify you when there’s a cybersecurity breach, your customers or clients deserve the same proactive communication from you if their data is at risk after the hack.
For example, you may have e-commerce clients whose customer data and credit card information are in your system. It’s not just morally correct to let them know about a breach that involves personal information; it’s the law in every state.
Consider the type of information that the hacker had access to, and the severity of risks associated with it. If names and Social Security numbers were revealed, there’s a high risk of identity theft – and customers can take steps to monitor for fraudulent activity.
When you communicate with your customers, be clear and transparent. The U.S. Federal Trade Commission recommends including:
- What happened and how customers’ information became vulnerable.
- What information the hackers took or had access to.
- What you’ve done to set things right and ensure security.
- How you’re offering to protect your customers.
- How to reach someone to talk to at your business.
Be Prepared, Then Act Quickly to Make Things Right
The inherent risk of using technology to do business is the possibility of a cybersecurity breach. Take steps to protect your systems, software and accounts, and educate yourself on action steps and your state’s laws, in case the worst should happen. If the worst should happen, you’ll be prepared.
If you have questions about the best security practices, developing your action plan or getting help after a hack, contact us today. We’re here as a resource, so that you’re both confident in your software and know you can count on us as your partner, if you need help in the wake of a breach.