Agencies are hired to perform a multitude of services for companies across the globe, and sometimes that means exchanging passwords and servicing software accounts, from social networks to CRMs. We can (and will) tell you that good, strong passwords, while difficult to remember, are the key to keeping your accounts safe.
Even if you have the first step down, sometimes hacking happens. Here’s a quick and dirty list to get you started on the recovery:
Change your passwords immediately after you suspect a hack. Always change the password AND check that the email tied to the account hasn’t changed. If it has, then someone has your password recovery emails going to them and will know when you try to change the password. If you can’t log in, immediately email the vendor and tell them the account has been hacked (if it’s obvious); the faster you flag an issue, the quicker you have a chance to limit the damage.
Change your API tokens for the hacked service. At SHIFT, we use a variety of tokens that make calls to the vendor API; those are tied to the account’s username and password. These tokens will need to be reset as well. Ask IT and your partners with access if they have created any API tokens and change them immediately after regaining access. Most API services have step-by-step in-browser instructions for doing this if you need to make the change yourself. It isn’t always necessary to know how to code to make this happen.
Create a plan for communication and action if/when you’re hacked. Having a plan for everything, even if you never need it, is a good rule of thumb in this particular case. If it’s publicly obvious an account has been hacked, the plan should tell users that you’ve regained control and explain what happened without oversharing details. Do this by publishing a post on an owned media channel such as a website or blog. Share the communications/action plans with others so departments like IT can flag other issues to be considered, like API tokens. Thinking through the actions needed well in advance will save time and panic if the day comes when you need a plan.
As a bonus, I wanted to share one of my favorite tools for managing difficult-to-guess passwords – LastPass. It will save you time AND protect your accounts. Follow the rule of thumb for difficult passwords and/or long passphrases (don’t use a popular quote here) and save them in LastPass, which is also protected by a passphrase. That passphrase is the only password you’ll need to remember to have access to all of them.