Your worst nightmare has come true. You drive into work, settle into your chair and pull up your company’s social media accounts to see if anything happened over night. The page or social media management software loads up and you find hundreds of notifications. A burst of excitement rushes through you. Did it finally happen? Did you go viral?
Yet, as you start to read the feed, it’s filled with “hacked” “LOL” and “I sure hope they got hacked, this is messed up.” You panic, going to the page to see what got posted. It’s filled with hate speech, inappropriate images, threats, and everything else a business page wouldn’t want.
Perhaps it’s not your social media that got hacked, it’s your email. They have access to tons of private information, ranging from your business Amazon account to your Britney Spears Google alerts (no judgements here!). Maybe the worst happened, and they broke into where you store your customer’s private data, meaning all of their credit card and private info is in the hands of the hackers. What do you do?
Lock Down All Accounts, Change All Passwords
Before you start doing damage control, you need to make sure the hackers can’t do any more harm. Nothing looks more unprofessional than telling your followers the account has been hacked while the hacker is still posting. Put all of your accounts, social and personal, on lockdown.
To start, change all your passwords on everything. You can’t be positive of everything the hackers got into, but better safe than sorry. Have everybody at the company update their passwords to everything, personal and business. Until you can find out how they got in, assume everything is vulnerable.
You might also want to set all social media accounts to private until everything is sorted out. You don’t know who the hacker is and what kind of access they have, so lock everything down to the top privacy levels for now.
If you use a password manager, whether it’s just in your browser or a third party software, don’t update that with new passwords just yet. If that’s the password the hacker guessed and has access to your password manager, all your work will be for nothing.
Once all passwords are updated and you are sure you have complete control of your accounts again, then you can start repairing.
Finding What Got Breached
You need to start investigating what happened and how much information got breached. You can either do this yourself or hire a data breach professional to help.
To start, many accounts track the physical location and IP addresses of where they get accessed from. Social media, most emails, and many other online accounts track this info, and can be a good step to determine what information got breached. Go through all of the accounts, gather that info, and find out what other information they could get to.
For example, if a hacker got into your email, all of the information within the email is at risk. They could have completely downloaded everything from it, including the email addresses of everybody you’ve ever talked to. If you’ve ever emailed somebody your credit card info or a password, you need to change it ASAP.
Sometimes, hackers do a great job at covering their tracks, but others want to get found out. If they’ve stolen important data from you, they might hold it ransom until you pay up. Do your best to find out what is compromised and make a plan from there.
Checking for Malware
It’s quite possible you got hacked because one or more of your company devices got infected with malware. If you have employees, it could have been one of them downloading something suspicious onto a company computer, or even onto their personal phone, which then infected a computer with private info on it.
Do a sweep of all devices connected to any company networks. That includes:
- IoT devices
Personal or private, any one of these devices could be infected with malware, and unless you find and get rid of it now, your hacking woes are just starting. If malware is to blame, consider training your employees in some best practices to protect not just the company, but their personal devices too.
Inform the Public and Start Repairing Trust
Once you’ve gotten a handle on the extent of your hack, it’s time to start revealing to the public what happened. If customer data has been breached, you need to alert them immediately of what happened. That way, they can freeze their current payment method and get new ones right away, and start updating their own passwords as needed. When emailing or alerting them, provide resources on best practices to protect themselves during this hard time.
If it’s a social media account that got hacked, delete the offensive tweets, apologize to everybody, and give some information on what happened. Was it a disgruntled employee wanting to hurt the company, or did somebody from the outside guess the password? Explain the situation, what you are doing to prevent it from happening again, and move forward. Most people have an experience with getting hacked and will understand.
If the hack is bigger than social media though, you have a lot more work to do to earn the trust of your customers. If private data was stolen, you need to detail out what you are doing for the future to protect them and consider hiring a data security firm to back you up. Show, don’t just tell, how you are keeping the data safe.
Don’t Let It Happen Again
Consumers can understand a single mistake. You got hacked. It happens. Once the initial fury subsides, they’ll move on. But if it happens again, people get mad.
Look at Equifax. They announced that they got hacked, putting millions of people at risk, and then a few months later, announce the hack was much worse than they thought. Then, later, another part of Equifax got hacked again, resulting in consumers losing all trust in the credit bureau.
So, you need to go extreme protecting your business from hackers. Follow all of the best security practices, force employees to have strong passwords, pay for top of the line security software, and patch all holes in your security. No accessing open Wifi networks at coffee shops, don’t let strangers use your devices, and encrypt your USBs carrying sensitive data when traveling.
You can’t guarantee you won’t ever get hacked again, but you will lower the risk considerably by being diligent and keeping all security measures up to data. Don’t just assume it can’t happen to you — it can and will. Protect yourself and your customers.