What To Do When You’ve Been Hacked

TIP: tldr summary at the bottom.

Some of the worst words (when strung in a sentence) in the English language are, “I have been hacked!” Let’s be honest, even if you said them in Norwegian or Cantonese, they are just as bad.

But even worse is the feeling and thoughts that come after that, because you don’t know what to do NOW.

Scream? Yes. Get down on your knees and pray? For sure! Wait while the knot in your stomach and the blinking Taiwanese text resolves themselves on their own? Is that going to happen? Is your contact list of clients still alive? How far up does this hack affect you? IS THE PRESIDENT INVOLVED!?  WHERE DOES THE BUCK STOP?!

Before paranoia grips you and you give in to your somatic reflexes to check for bugs in the lamps and hard drives, there are a few things….well, a whole slew of things you NEED to do….and a few other things you CAN do if you feel so ambitious.  So let’s quit this drabble and get to the action.


Change Passwords – If you do a Google search for what to do when you’ve been hacked, numerous blogs and articles have this listed first. Because this is the first thing you should do! If they haven’t been changed yet by the vicious hackers, change them pronto. And don’t just change the password on the hacked account but on ALL your accounts, especially if you have been languorous about password security and use the same one for your bank and your email address and your Visa and your Pampers points account (don’t lose your diaper points!! “change” that password!) Take this opportunity to revamp your security measures. Although obnoxious, ideally you would be changing your passwords routinely for better security. Once a month is ideal. Or every day if you are OCD. If your passwords have unfortunately been changed contact your hosting provider ASAP and let them know. They will be able to help you regain access. When setting up new passwords the rule these days is 9 characters, including uppercase, lowercase, and at least one number.

Scan for malware, viruses, foreign code, etc. Run a scan on your website to identify the threats you’ve been dealt.  After you run a scan you will be able to clean up the content.* If you are on a shared server (for example, you don’t have dedicated hosting) you will probably need to contact your hosting provider to check into it for you, as most scans won’t be allowed to run if you don’t have dedicated hosting. (You’re not in an exclusive relationship!)  Check out the Nessus scan we offer that will detect these things before they take a stronghold on your site.

Download/Delete Sensitive Content – Now that you have run the scan for threats remove any sensitive and confidential information from your account.  Get any of those pictures of you in the horrible Christmas sweater or breastfeeding your son OFF! If you have a list of passwords for other sites, or all your not-yet-realized ideas for patent products stored somewhere in an unpolished blog, they will need to be downloaded and then deleted (off the site). In your paranoia you may think: “Won’t downloading content from a hacked website cause problems to my computer?” but this is usually not the case as the operating systems are different – your computer speaks Norwegian and the virus speaks Cantonese, so to speak.

2FA – If possible, enable 2 factor authentication on accounts. This is a great way to step up your security. You have probably already had a brief handshake with 2FA through your email or bank. An example of this is when you login with your password and you still have one more step before you can access the account. Often it is a code sent to the telephone number on file or an email with a key code. Usually you can enable this authentication by going to your settings, but each account will be different. Familiarize yourself with this option and the other security measures that your accounts offer, usually free of charge. As cybersecurity becomes a more prevalent pie we partake of it is a good idea to learn more and more about the security steps you can take to enhance your own personal recipe.

Check your backups You forgot to set one up? Well let this be a lesson in cybersecurity physics for you, dumb-dumb! (not kicking while you are down, just calling you OUT) – Once a website gets changed or deleted, it is forever changed and deleted. Nothing comes from nothing! These days you can never be too careful and having a backup is one of the low or no cost options that you will be grateful for later. It could also mean the difference between being able to stay alive or signing your company’s death certificate. You don’t make one pumpkin pie when you know your mother-in-law is coming to Thanksgiving Dinner…..hmmm. Maybe this analogy is no good.  Regardless, you need a backup because if the first pie gets eaten you need another one that you can pull out of the pantry and get back in business ASAP. You can usually set up a routine download of your backup through your website server, or check out some of the services Fibernet has regarding this, including our Managed Cloud with Backup service, Overwatch, and Cloud Block Storage.  Make sure to reach out to your hosting company as well to see if they keep any backups on hand.

Unlink any Linked Accounts -You want to remove any extra attack vectors, so if you’re website is linked to anything, say, your internal business network, make sure the passwords are different. If you keep the conversation open that’s when people get hurt! If it looks like a relationship was formed and you didn’t participate or give consent find your tech guru and get them to take a look. Hopefully s/he is already involved at this point (not INVOLVED but….you get the idea!)

Update software Make sure you are running on the most up-to-date and patched up software available. For example, WordPress is constantly rolling out code updates as technology and software goes forward, and when you don’t stay on top of the software that’s where hackers can sail smoothly into your site without even a breeze. Most software lets you know when it is needing an update and it is best to do it when you get those notifications. Try not to put it off until later.  There are products available that help you stay on top of this issue, including sitesecure.me if you are running on WordPress. Check out this service that our partner company Nethosting offers here.

Set up a firewall This is a great way to help mitigate future attacks. It’s like putting a block on your vicious ex that burned all your website data and stole all your John Tesh tapes (you were glad they took them).  You can block and even redirect websites and IP’s that come at your port that you know have been nothing but piratous fiends before.  As one of our brilliant system administrators defined firewall, “It’s a central security hub designed to regulate access to an environment.” Central Security Hub, at your service! Check out the Firewall service we offer here.


(but highly recommended! Cyber threats are on the rise and the money lost is pretty much always more than the prevention cost. See some of the services we offer and how they can fit into your security budget)

Check out services provided by hosting companies that proactively monitor and keep your software and accounts updated. Obviously, we recommend our Managed Services team and our Overwatch service, but check out all that is offered to you via searching the web. If you have an IT department take a minute to talk to them about what can be done to protect your resources.

*Don’t go it alone! If you have a hosting provider contact them if you have been hacked to see what kind of services they offer. If the hack is serious enough you will need assistance to get your website back up, cleaned up, and running, and often they can offer affordable options that will assist with the process.

Nessus Scans are a great tool that proactively monitors your website for vulnerabilities. This is a service that is extremely user friendly. It runs “vulnerability scans, configuration and compliance checks, malware detection, web application scanning and more” (taken from the creator’s website, tenable.com). You can partner with Fibernet to get this service set up for you here.

Make a Game Plan If this is the first time you’ve been hacked you no doubt are full of some raw emotions. It can leave you feeling violated, angry, and frustrated to boot. Don’t get too down about what was lost in the fire – you can rebuild in more fireproof materials and move forward all the more prepared and alert for the next time something like this happens. Unfortunately there are no guarantees that it won’t happen again, but you can ensure it doesn’t cause the devastation it did this time.  Feel free to contact any of our dedicated experts to learn more about the ways you can stay protected. Now go forward, once more into the void of cyberspace!