Even with comprehensive training, frequent reminders and high vigilance, an ultra-sophisticated phishing attempt may slip past you or a member of your team in a moment of distraction. Many of us already know the sinking feeling of noticing unusual pop-ups on a device, or of having a contact reach out to say “I got a really weird email from your account… was this you?” and realizing we’ve been duped.
Luckily, there are a few easy steps you can take to mitigate the damage – this checklist will get you started!
1. Update your team
First things first – impacted employees should notify their organization’s IT team or security provider before taking any action using corporate equipment. Running malware or other scans, disconnecting from the network and even shutting down the device could compromise forensic evidence.
Trust your IT experts and follow their recommended protocols before doing anything else!
2. Update your password
Once you’ve got the all-clear, consider changing your password for the system that’s been impacted. And if you use that password for any of your other accounts, make sure to update it in those systems as well.
In cases where it’s your computer that’s been compromised (and not just a single account), we recommend changing all your passwords, as some malware can sweep your browsers for saved login credentials. Just make sure to change these passwords from another computer so that the new login credentials don’t end up in the same (wrong) hands again!
Going forward, try using a unique password for every account you have to prevent multi-platform breaches in the future. Sound daunting? It doesn’t have to be – check out Payworks’ do’s and don’ts of password management to start strengthening your account security today. You can also apply two-factor authentication to add another layer of protection.
3. Update your tech
Start by taking your computer offline by disconnecting from the local Wi-Fi network or unplugging your network cable to prevent further unauthorized access or damage. Then, following the guidelines suggested by your IT group, scan for malware to identify and quarantine any infection.
Depending on the results of the malware scan, you may need to reformat your computer. Just make sure you’ve backed up your data first! With that said, backing up and restoring data from a compromised system may reintroduce the risk that motivated the reformat in the first place. If you don’t already have a data backup plan in place, now’s the time!
4. Update your account providers
Most online accounts allow you to play detective and see when and from where your account was last accessed. If you spot an unfamiliar login (from a country you’ve never been to, for example!), you may want to reach out to your account provider to advise that your information has been compromised, particularly in the case of your financial institutions; they’ll walk you through the next steps required to keep your account and data secure.
5. Update your knowledge
Everyone makes mistakes… but with the right information, you never have to make this one again! Brush up on Payworks’ tips for how to recognize phishing and protect yourself, and make this particular problem a thing of the past.
To help keep you and your crew informed and empowered in the fast-changing information security landscape, we’ve tapped our in-house experts for the most effective best practices you can leverage right now. Download a free copy of our Security Best Practices E-Book: https://www.payworks.ca/landing-pages/campaigns/security-best-practices-e-book.