What to do if you've been hacked

(This guide is Part 7 of seven in our Cybersecurity Safety Content Basics Special.)

Well, the worst possible thing that could happen has happened, and you’ve been hacked. But what steps should you take? Are they the same if your PC or your smartphone has been hacked? Do you need to make a police report?

Well, let’s find out.

Quick Tips: Five things to do if you get hacked

1) Disconnect from the Internet

It might seem like an obvious choice at first, but many people often resort to panic-clicking device options, rebooting, Googling for solutions, calling tech support (or that tech-savvy friend) for help, all while leaving the compromised device connected. To stop any additional loss of data, and to stop attackers from accessing any more of your data, the immediate thing you should do once you discover or even suspect that your device has been hacked, is to isolate and disconnect the infected from the Internet.

2) Scan for viruses to identify and remove any malware

Once the device is isolated from the Internet, you can then run your antivirus and/or other security programs to scan the device and try to identify the malware that you're infected with. Ideally, your antivirus app should be able to clean your device as well, but some malware require dedicated tools. For example, to remove the popular WannaCry ransomware, there were process killer and decryptor apps specifically made for it. Once you have identified the malware affecting your device, read up on its removal process if applicable. Many antivirus and security brands maintain updated threat databases.

Remember, do not re-connect to download these apps on the infected device. Use a clean PC or device to download the security apps and then copy it over via a USB drive

3) Change all your passwords and passphrases

Even though you have disconnected the physical device from the Internet and managed to completely remove the malware from it, thus preventing further intrution, you have to assume that all your data is already compromised. The next course of action is to try and re-esablish personal security and privacy of all your online accounts. Immediately change all your passwords for websites, email, e-commerce, payment and banking services you have accounts with. If this task is too tedious, consider getting a password manager.

4) Notify your friends and the authorities

Since your data has most likely been stolen, your friends and contacts from compromised online accounts like social networks could now be targets and need to be warned to be on the lookout for any strange links or email attachments from attackers masquerading as you. You should also immediately report any loss of credit card numbers to your bank and lodge a Police report at https://eservices.police.gov.sg/, if you think you may have been the victim of a cybercrime.

5) Restore from a backup

Sometimes a compromised device cannot be saved, and the only course of action to ensure any traces of malware is removed is a full format and hard reset. If you’ve been dilligently performing regular backups, then this is when all the time and effort spent pays off. Depending on your backup frequency (daily, weekly, etc.), you should be able to restore your device to state when it was last malware-free. 

If you’re infected with a BIOS or firmware-level virus however, things might be trickier to deal with. A BIOS or low-level infection is usually undetecable by software antivirus tools because it happens directly on the hardware before the operating sytem even loads up. If your device is infected by a BIOS-level virus, you would need to be able to get hold of a copy of the BIOS/formware from a clean source to re0flash your device. If your device came with a firmware recovery tool, this would be what you can use to restore. If all else fails, a trip to a service centre might be required.

Should I buy cyber-insurance?

Personal cyber-insurance covers a range of cybercrimes such as cyber extortion, cyberbullying, online fraud, and data loss. It helps cover direct financial losses and expenses as a result of cyberattacks.

Like other types of insurance, personal cyber-insurance won’t keep you safe from getting attacked, but it can help you recover if the worst does happen.

FWD Insurance offers cyber-insurance that covers things like online shopping fraud that covers you for financial loss if your online purchase was not delivered and there was no full or partial refund or any other remedial action done by the online merchant within 60 days of the scheduled delivery date. FWD also covers Fraudulent electronic transfer that covers you for any financial loss if there are unauthorised transactions made through your credit or debit card, personal bank account or digital wallet.

American Express’s coverage includes things like Legal Consultation in the event of an online identity theft and/or cyber-bullying incident, Support Assistance where you receive IT and tech support to resolve or minimise the extent of damage or loss, Loss of Income Protection on your loss of personal income due to time taken off from work to restore and rectify records of your online identity, and Trauma Counselling can be provided to you by a panel of providers to mitigate the shock or mental anguish resulting from a cyber-bullying incident.

While this article is just a primer for cybersecurity safety, it belongs to a 7-part series of articles for consumers to take easy, actionable steps to better prepare against online security threats and what you can do to stay safe. Stay tuned as we roll out more stories over the next few days.

Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.