On May 3, 2021
Your company is a significant target for malicious actors. They want your sensitive information, including your online accounts, bank information, and proprietary information. Inevitably, every account will be compromised in some way. Whether it’s from an individual or nation-state, data breaches are a daily occurrence for businesses worldwide. Companies must do everything to protect their data, but some data leaks are out of the company’s direct control. Most data leaks and account breaches are the company’s fault – whether it’s lack of user training, poor password policies, lack of two-factor authentication, or one of the other countless common reasons for a breach.
In this article, we will discuss what to do after your business email has been hacked, the reasons why you might have been a target, what measures you can take to recover the account, and how to best prevent it from happening in the future.
What Was the Reason for the Attack?
Usually, a malicious actor’s primary objective is to steal sensitive information and use it against you somehow. They may hold your data for ransom or sell your bank account details online. The attacker may also choose to email your contacts to either financially defraud them or spread their attack to other organizations.
One of the most common reasons for account breaches is a weak password or password reuse. If your password is simple, i.e., it is effortless to guess, or it does not contain any special characters or symbols, hackers can easily crack it. Additionally, previous data leaks from other companies may have exposed your password in plain text, which is why it’s imperative to use a unique, randomly generated password for every online service. Other reasons include leaving your email and password unattended on someone else’s computer or on public computers.
My Account Was Compromised – Now What?
If you are one of the unlucky users to have their account breached, and someone stole your business email’s username and password – what should you do? How can you regain access? We shall cover all of the steps on how to try to recover your business email and prevent it from happening again.
Secure Your Accounts
Suppose you can detect that your email was compromised before a malicious actor has done severe damage. For example, you may have two-factor authentication enabled and received a mobile notification of a sign-in. In this case, you should immediately secure your other accounts linked with the same email to prevent any further damage to your digital identity. Most people use a single email to register for multiple accounts that also share the same password. You should log in to online stores, your bank accounts, and social media services to change their passwords immediately. Similarly, you should immediately change the password of your email account itself.
Your passwords should be randomly generated and stored securely in a password manager. Hartmann Industries recommends Keeper Security for both personal and business use. A password manager allows you to keep track of thousands of unique passwords easily. Additionally, an advanced password manager like Keeper Security has BreachWatch, which notifies you if it detects that one of your passwords has leaked online.
Audit your critical business services, including your bank account and payroll system, and ensure that nobody has been altering settings and data on any of those accounts. Circle back to any remaining connected websites you can remember, as there is frequently more data that malicious actors can utilize against your business than you realize.
After checking the most important online accounts and taking temporary measures, it’s time to start locking down your accounts in line with security best practices. Utilize hard-to-guess security questions, two-step verification, IP whitelisting, and any additional security measures your online services offer.
Furthermore, we recommend completing a full cybersecurity audit of your company’s IT systems. Although cybersecurity audits are complex and should be executed by a qualified IT company, a business owner should ensure at a high level that:
- Business-class anti-virus is running on all computers, and recent scans are clean
- No unknown devices are running on your network
- Wi-Fi networks are protected with a strong password
- Email spam filtering is in place (both inbound and outbound)
Notify Stakeholders and the Authorities
As soon as you detect a data breach at your business, notify the relevant stakeholders and authorities immediately.
Relevant stakeholders may include your business partners, members, employees, and independent contractors. It is essential to inform them that your email has been compromised so that they can scrutinize emails that appear to come from you. You should tell them that any emails urging financial action, e.g., a wire transfer, should be verified by phone.
Additionally, you should inform your customers if the data breach included their personal information. Not only is this the moral thing to do, but you may be required by local and state laws to report your data leak. If your company falls under HIPAA, GDPR, or PCI compliance requirements, you should immediately consult with your general counsel on your legal obligations to inform customers. You may also wish to post a notice on your social media accounts to reach the most people possible.
As a business, you may have cybersecurity insurance that would help cover the expenses of informing stakeholders, paying for identity theft protection, securing IT systems, and the like. You should immediately call your insurance company and notify the agent of the situation so that they may open a case.
We also highly recommend informing local and federal law enforcement. The FBI’s Internet Crime Complaint Center has an online report system that you should use. Furthermore, your company may be one of many organizations attacked by the same malicious actor, and the data you can provide may help the overall investigation.
Contact Your IT Company
Arguably, you should do this first. However, many small businesses do not have a Managed Service Provider (MSP) helping them run their IT systems.
A trusted IT service provider, like Hartmann Industries, can help you secure your accounts, track down the root cause of the breach, notify stakeholders, gather data for law enforcement, and prevent a cybersecurity breach from occurring in the future.
A data breach, specifically something as significant as a breached email account, is a severe issue for a business of any size and should be handled by professionals.
Being a part of a business data breach via email hacking is the last thing you want. It is essential to set up quality security practices at your company and continuously improve your data protection techniques.
Remember, if your business email has been hacked:
- Notify your IT Service Provider (if you have one)
- Stop the immediate damage
- Secure your accounts
- Communicate with stakeholders
- Find the root cause
- Plan for the future