UVM's Information Security Operations Team answers "Why?" Why?security

Someone Stole My UVM Password; Now What?

You’ve probably had your UVM Net-ID locked because someone stole your password and started doing horrible things using your account, like sending spam or launching Internet attacks.  Enterprise Technology Services Account Services can get your account unlocked (call them at 656-2006) — but there are some critical steps you should take right away to protect yourself and others.

If don’t know for sure how your password was stolen, it’s possible that your computer system has been infected with a virus or other malicious software (malware), so your next step should be to take action to protect your data and prevent your computer from being used to attack others.

Secure Your Computer

Ensure your computer is current with all available patches, fixes, and upgrades. If you do not have your operating system set to automatically update, do so now by visiting your operating system’s website and following the instructions.

Your computer’s security software should also be up-to-date. To check status, click on the icon for the security program on your system. If an update is needed, it will be indicated here. If you don’t have security software installed, you need to get it. Make sure you have anti-virus and anti-spyware software installed and a firewall enabled.

Confirm that your browsers are up-to-date. Tools such as Qualys BrowserCheck or WhatBrowser can help assess status.

Visit the Carry-In Center in the Davis Student Center for assistance.

If your computer checks out clean, it’s possible that another computer, tablet, or phone that you’ve used recently is infected.

Secure Your Accounts

You probably access numerous online accounts, including social media, banking, news sites, shopping, and others. If you’ve been hacked, there is a chance that important passwords have been stolen. Reset your passwords for your critical accounts first, starting with your email account, followed by financial and other critical accounts.  It is important to start with email accounts, since password resets for all of your other accounts are typically sent to your email.

Use separate and unique ID/password combinations for different accounts and avoid writing them down. You may want to use a password manager such as 1Password.  Make the passwords more complicated by combining letters, numbers, special characters, and by changing them on a regular basis.  If you are unable to log into one of your accounts, contact the service provider or website immediately. Most online providers include an online form, an email address to contact, or a phone number to call.

Secure Your Mobile Device

Mobile phones and tablets are also subject to attack. As we do with our personal computers, we have to ensure that the proper steps are taken to protect our information and devices. This includes installing security software, where available, and keeping all installed software up-to-date.

For More Information

You’ve been hacked, now what?
http://www.net-security.org/article.php?id=1827

Your Email’s Been Hacked! Now What?
http://identitysafe.norton.com/blog/blog/2013/06/03/your-emails-been-hacked-now-what/

You Got Hacked! What Now?
http://www.pcmag.com/article2/0,2817,2403134,00.asp

Hacked: Now What?
http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201209_en.pdf

I’ve Been Hacked! Now What?
http://netsecurity.about.com/od/disasterrecovery/a/I-Ve-Been-Hacked-Now-What.htm

You’ve been hacked! Now What?
http://www.doit.wisc.edu/youve-been-hacked-now-what/

Adapted from The Center for Internet Security (CIS).

Published by Dean

Dean Williams is UVM's information security officer.

Skip to toolbar