Our Technical Director, Rupert Walmsley, has put together a short video detailing what to do if your password is lost or stolen. Here we’ve given a summary of the information to refer to should you be concerned about your passwords. 

Firstly, let’s determine what’s happened… 

  • Have you clicked on something that is a bit suspicious? 
  • Have you found yourself on a web page that you weren’t expecting to after clicking on a link in an email?  
  • Are lots of bounced emails returning to your inbox or conversely no emails appearing at all? 
  • Are you getting a pop up box that doesn’t normally appear?  
  • Do you have some strange icons appearing on your computer? 
  • Are file names and time stamps changing without your involvement?

Three actions to take, in order of priority: 

  • Change passwords immediately 
  • Inform your manager or IT support company or both 
  • Check your systems

Changing passwords 

Change passwords immediately even if you’re not sure there’s been a compromise. If you need to contact your support team in order to change the password, explain that there is a potential security breach; be as clear, concise and accurate as possible to enable action to be taken before too much damage is caused. Thousands of fraudulent emails can be sent out in a matter of minutes so the quicker you can take this action the better. 

Communicate 

It’s better to be safe than sorry. Speaking up is WAY better than not. If you head up a team, encourage them to do alert you if they think there’s an issue – it’s far better to be in the habit of reporting potential security breaches even if it transpires that nothing is wrong.  

Trying to hide an incident will ultimately cause more stress and aggravation for everybody involved. 

If you need to log a call with your IT support team we’d recommend following up with a good old fashioned phone call – let the team know how urgent your request is. 

Check systems and take action 

At this stage it’s really important to know what normal looks like on your computer; if things have changed within your mailbox, for example, action needs to be taken ASAP. 

Get in quick and the issue could potentially be solved really quickly, installing software and running system scans.  

For more complex issues it will be the case of trying to determine where the hacker got in and what damage has already been caused. If, for example, fraudulent emails have been sent, it will also be necessary to inform customers that the attack is underway and how they may be impacted.  

There may also be a legal or regulatory requirement to report the security breach. 

Plan ahead 

Planning for an attack is the preferred option. Obviously, no one wants to be attacked but in reality cybercriminals are infiltrating organisations all of the time. Strong Cyber Resilience is essential to accompany Cyber Security. 

Talk to your teams about phishing emails and what ‘normal’ looks like. Ensure everyone knows which software you all use, and put up posters detailing Cyber Security measures. Let teams know how devastating an attack could be if procedures aren’t followed. Educate your teams on good practice (which includes reporting incidents ASAP), helping them to remain vigilant and cautious. Most importantly, create a ‘no blame’ culture and praise staff for reporting problems – issues left unreported can fester until the results are debilitating. 

If you’re concerned about password security please contact us. Additionally, if you want to proactively put a Cyber Resilience plan in place let us help. 

For more IT & Cyber Security Tips videos take a look here