A client got hacked at 5 p.m. and discovered it at 8 p.m. They waited until the next morning to call us. Our advice to them was to shut down their system. Our advice to you is don’t wait – but please use some common sense. We don’t appreciate calls at 5:30 in the morning because you can’t connect to the internet or get your email, but a hack is a whole other story.
If you think you’ve been hacked, shut down – as in “power off” – your computer or your system immediately. If nothing’s running or connected, nothing more can be taken from you, nor can anyone get deeper into your system. Once you call us, we can examine every part of your system and help you take steps to secure it before you and everyone in your business or home goes back online.
If we’ve learned anything from news reports, no system is immune from attack. But there are a number of steps you can take to make an intrusion more difficult – and for small businesses and homes, they may be enough to deter anyone from making a huge effort to invade your system.
In the case of the client who was hacked, he did not have administrative rights to his computer – and that was a big help in minimizing the damage. Administrative rights give those who have them the authority to make all sorts of changes to a computer or a group of networked computers. In addition to adding and removing programs and managing data files, administrative rights can be used to grant permission to other users to perform all of those actions.
In a small business, it makes sense to give several people administrative rights to keep business flowing smoothly. Even if you have automated systems to take care of certain functions, you may need to give people permission to do certain things. However, you need to pay attention to security to benefit from the convenience of this flexibility. We recommend:
- Keep the number of people who need administrative rights to a bare minimum.
- Make sure those people change passwords frequently and that they use strong passwords.
- Limit permissions to certain functions to prevent a hacker from getting carte blanche to your entire system.
- Set up separate users and log-in credentials for performing administrative functions and delete them after those functions are performed.
The same recommendations can apply to a home computer or home network, with the requirement that children and seniors should not have the ability to install or remove programs.
We also can repeat steps we’ve suggested before:
- Do not use any simple usernames and passwords for any piece of equipment that is connected to the internet. Every device has a default name and password, and hackers know them all.
- Use strong passwords and change them often. Strong passwords are usually complex passwords. Hackers have software to figure out certain patterns of numbers and letters, and they can pick up information about anyone from public records. Try not to relate your passwords to that information, but for any password, use a combination of upper and lower case letters, numbers and special characters.
- Download and install updates from the publishers of your application software. In most cases, the updates contain bug fixes and patches to improve the security of your applications.
- Keep your anti-virus and malware software up to date and active.
Again, if you get hacked, don’t wait to call us. Time is of the essence. Shut down everything and call 973-433-6676 for immediate help.
Of course, preventive measures offer the best protection. Call us or email us to arrange a security audit of your system. And don’t wait until you’re hacked to do it.