If you have cybersecurity insurance or feel this incident could cause significant damage, consider having a forensic analysis to track down what happened.

Contact your email provider, explain what happened, and ask for help. Continue down this list while you wait for their response.

Reset your email account password immediately. If you can’t log in because someone unauthorized reset your password, try resetting it yourself. If that doesn’t work, contact your email company’s tech support.

Check if your username and old passwords have appeared on the dark web. Visit https://haveibeenpwned.com/ and similar sites to find out. Never enter your password.

Change passwords for all your accounts including social media, banking, and other sensitive accounts, especially if you’ve used the same password for multiple accounts. Someone may have access to more than just your email.

Consider using a password manager like 1Password, Dashlane, LastPass, NordPass or another to help ease the pain of having different passwords on every website from now on.

When setting up security questions, avoid real answers that are easy for a bad actor to research. When asked, “Where were you born,” you could answer something like, “The fourth crater on the moon.” Save your secret answers in a file in a random place with a random name like “socks.docx” for when you need the answers. You can encrypt the file for added safety.

Enable two-step verification for your email account. While you are at it, set up two-step verification everywhere you can, primarily on sensitive websites and services. Here is how to add MFA to your LinkedIn account for added security https://www.linkedin.com/help/linkedin/answer/544/turning-two-step-verification-on-and-off?lang=en

If you set up two step authentication so that the site or service sends you an email message for the second part of logging in, and the hacker has access your email, it defeats the purpose of MFA. Therefore, if you set up the two-step login with email as the second step, use a different secure email address.

Review your email’s “sent” folder to spot any unrecognized messages.

Look at all your email accounts in your organization to ensure there are no email forwarding or filtering rules you did not configure.

Check your websites, especially LinkedIn, for any unauthorized changes.

Set up SPF and DKIM. More information here: https://fosterinstitute.com/block-inbound-and-outbound-fraudulent-email-messages/

Watch out for remote control applications that might allow a bad actor to compromise your computer and send email messages as you.

Be aware that your computer or another computer in your organization might be hacked, enabling attackers to send messages on your behalf. Stay vigilant and take measures to protect against such incidents.

Regularly apply critical security patches to your computer. You can check for updates manually, even if automatic updates are enabled.

Ensure your anti-virus program is current and run a manual scan regularly. Using EDR or XDR services add more security.

If you use a browser to send and receive email, this is a drastic step, but consider uninstalling the browser. When you reinstall the browser, add only the plugins you need.

If you use your phone or tablet for email, they could be hacked. Apply security patches, keep them in your possession, examine the privacy settings, and lock devices when not in use.

Watch out for apps on your computer, tablet, or phone that may be harvesting your address book without your knowledge. A drastic move would be to factory reset and erase them, but be sure your important data is stored in the cloud or backed up.

Notify financial institutions that if they receive messages from you, the messages could be fraudulent.

You might want to set up a new email address to use until you feel confident your old address is safe.

If you haven’t already, freeze your credit.

Monitor your financial accounts.

Before you send out notifications, you will want to talk to an advisor who can help you know what to say.

Please forward this to your friends so that, if someone appears to hack their email account, they will know what to do to.

Subscribe to maximize your executive potential with Foster Institute’s E-Savvy Newsletter, packed with practical IT security solutions and actionable strategies for success: https://fosterinstitute.com/e-savvy-newsletter/

The post What to Do if Someone Hacks Your Email Account appeared first on Foster Institute.

Do you know someone who doesn’t like your organization and would like to cause harm? Can you think of anyone who may want to exploit you for money, other than a vast population of bad actors already in the world?

Even more worrisome than Inpivx is the realization that there will be more user-friendly tools to come from sources around the globe. Some attacks are already relatively easy to launch for a non-technical person, and such technologies are in an upward trend.

Remember typewriters? To move a paragraph, you had to re-type the page. Over time, typing documents became incredibly easy even for non-technical people. Creating ransomware is on the same path to easiness.
Anti-virus, firewalls, and passwords are crucial to cybersecurity. All of them are. However, if you feel that those are enough, you might be shocked if you get hacked.

How do you protect yourself? Keep patches up to date, remove all non-essential programs from computers, grant users only bare minimum privileges they need to do their jobs, use excellent spam protection, never allow users to check webmail at your organization, to name just a few. And, of course, keep those security IT Vital Systems Reviews current.

Please forward this to your friends, so they know that ransomware programs are more accessible to create than ever, even for non-technical people, so the danger is growing too.

The post You Do Not Need to Understand Computers to Make Ransomware appeared first on Foster Institute.