2. Secure your accounts
Once you’ve established that a cyber-attack has happened, securing your accounts and log-in information is the next priority. This doesn’t just mean for the application or account that’s currently under threat, but for all your sensitive accounts. If a hacker knows one email and password, there’s a good chance they’re going to try that combination for multiple accounts, putting even more of your data at risk.
What to do next: Before rushing to change all your passwords, it’s worth running a comprehensive anti-virus program to ensure that your business devices are still secure. Once you’re satisfied they’re safe, create new and unique passwords for all of your accounts, preferably ones that are difficult to guess: A random string of letters, symbols and numbers is ideal, even if it’s tricky to remember. It’s important to get your team to do the same thing with all of their passwords too, especially if you’re not sure which accounts are vulnerable. This is also a great time to ensure everyone has features like two step authentication enabled for their accounts, so any further unauthorised login attempts are met with an additional layer of security. Above all, if you’re seriously concerned about the scale of the incident, get in touch with your IT team or external managed service provider (MSP) to temporarily lock down your whole IT system as soon as possible.