Avanet
Phishing and Hacking: Immediate Measures and Prevention

Hacking and phishing are problems that can affect almost anyone. Many of us have experienced an account being hacked or have clicked the wrong link. But don’t worry, it can happen to anyone. This article explains how to respond when something like this happens and what you can do to protect yourself better in the future. It is important to understand the risks and be prepared. With the right measures, the consequences of a cyberattack can be minimized and security restored.

1. What to Do in the Event of a Hacking Attack

First things first: don’t panic. Anyone can become the victim of a hacking attack or phishing attempt. The key is to stay calm and take the right steps to regain control. It is normal to feel overwhelmed or even helpless in such a situation, which is exactly why clear, structured recommendations can help bring the situation back under control.

We recommend the following first steps, which guide you through the process step by step:

  • Block accounts: Block all important accounts to prevent further damage. This particularly includes company bank accounts, central email accounts, and all other business-critical systems. These are especially sensitive because they can often serve as entry points for further attacks. The faster you act, the better the damage can be contained. Many banks and service providers offer dedicated emergency numbers that can help block an account within minutes. Contact persons and the relevant numbers should be prepared in advance so that no valuable time is lost in an emergency.
  • Regain control of email accounts: Make sure you have full control of email accounts. These accounts are often the key to other services, as attackers can use them to reset passwords or gain access to additional accounts. Use all security features offered by the provider, such as two-factor authentication (2FA) or an additional security question. It can be helpful to use a separate device to restore control of the email account. If problems occur, the provider’s customer support can often guide you through the process directly. You should also ensure that recovery options such as alternative email addresses or phone numbers are up to date.
  • Inform authorities: Report the attack to the relevant authorities to protect your legal position. Hacking is a criminal offense, and a report may later help assert claims with the bank or other service providers. In Switzerland, cyberattacks can be reported to the “National Centre for Cybersecurity (NCSC)”, for example. In Germany, the police’s “Central Contact Point Cybercrime (ZAC)” provides contact points for companies. The Federal Office for Information Security (BSI) also provides important information on reporting cyber incidents. In addition, under the GDPR in the EU, data breaches must be reported to the responsible data protection authority within 72 hours if personal data is affected. All steps taken and all communication with the attacker or service provider should be documented. Filing a police report is not only important for legal protection; it can also help prevent future attacks by enabling prosecution. In Switzerland, a reporting obligation also applies, as regulated in the nDSG. Data breaches must be reported to the FDPIC, the Federal Data Protection and Information Commissioner.
  • Sophos Rapid Response: For companies that do not have their own processes or feel overwhelmed, Sophos offers a Rapid Response service. This service ensures that immediate expert help is available when a security incident occurs. Sophos Rapid Response provides fast analysis and an appropriate response to threats so that the company is affected as little as possible.

It is also important to inform all relevant departments within the company if sensitive data is affected. This particularly includes IT, management, and, where necessary, the legal department. This ensures that all stakeholders are aware of the incident and can take appropriate action to minimize the damage. If an incident involves sensitive customer data, a communication plan should also be prepared so affected customers can be informed promptly and transparently. Clear internal and external communication can significantly limit the damage and ensure that everyone involved knows which measures are being taken.

It is perfectly normal to feel uncertain in such a situation. It is important to take the time to follow the right steps and seek support if needed. Asking for help is not a sign of weakness – on the contrary, it shows that you are determined to regain control and prevent further damage.

2. Dealing with Data Theft

If you are the victim of a data leak, there are several things you can do to minimize the damage:

  • Change passwords: Immediately change all affected passwords. Use secure combinations of uppercase and lowercase letters, numbers, and special characters. A password manager can help create secure and unique passwords for each service. Especially for business accounts, it is important to use unique and complex passwords to minimize future risks.
  • Monitor accounts: Keep an eye on your accounts to detect unusual activity. Many banks and services offer notifications for suspicious actions. Activate them so you can respond in time. For companies in particular, it is advisable to secure access to accounts with additional monitoring services. Alert functions for unusual or unexpected activity should be enabled so that potential problems can be identified and resolved immediately.
  • Notify services: Inform affected services so they can take additional security measures. Many providers have dedicated teams that can help secure accounts. This also applies to enterprise software and cloud services, which should also be informed about the incident. Companies should be able to quickly adapt existing security policies and improve cooperation with the provider’s security teams to bring the situation under control.
  • Contact credit card companies and banks: Credit card companies and banks should be informed immediately about any possible high-value charges. If in doubt, affected cards should be blocked to prevent further misuse. A quick response not only helps prevent financial damage but also helps maintain visibility and transparency over all financial activity.
  • Identity theft monitoring: In cases where personal data such as name, address, or social security number has been compromised, identity theft monitoring can help. Some companies offer special services that monitor the misuse of personal data and raise an early alarm in case of irregularities. This can provide companies and individuals with additional security by detecting potential risks early.
  • Configure alerts and notifications: Companies should configure existing alerting and notification systems so that action can be taken immediately in the event of unusual activity. This also includes integrating SIEM systems (Security Information and Event Management), which help consolidate and analyze security-relevant information.

3. Long-term Prevention

In addition to immediate measures, there are many things you can do to stay secure in the long term. Ideally, companies should already have scenarios and corresponding processes in place so they can respond to such incidents quickly and in a structured way. A well-documented incident response strategy can make all the difference when it matters.

  • Awareness training: Phishing is one of the most common methods used to obtain data. With training such as Sophos Phish Threat, users can learn to recognize such threats more effectively and help prevent attacks. If you want to go further, tools such as KnowBe4 provide advanced awareness and training programs. These programs not only help build basic security awareness but also promote a culture of vigilance and prevention throughout the company.
  • Network security with firewalls: A good firewall, such as one from Sophos, can help repel attacks on the network before they cause damage. Especially in combination with Endpoint Protection, it creates a comprehensive line of defense. This is particularly important for companies that store and process sensitive data, as attacks on networks are often the first step in a larger attack.
  • Managed Detection and Response (MDR): Sophos offers MDR services that help detect suspicious activity and respond quickly. This can be particularly helpful for organizations that do not deal with cybersecurity every day but still want to be sure their devices are well protected. MDR ensures continuous network monitoring and helps stop attacks early.
  • Strong passwords: Use strong and different passwords for all accounts. A password manager can help keep track. It’s a good idea to change passwords regularly, especially if you feel something is wrong. In addition, passwords should never be reused to avoid the risk of an attack via an already compromised account.
  • Two-factor authentication (2FA): Activate two-factor authentication wherever possible. It ensures that an attacker cannot simply access the account even if they know the password. Many services offer 2FA via SMS, app, or special hardware tokens. For companies, it is advisable to make this method mandatory for all employees, especially for sensitive systems such as email and cloud services.
  • Regular updates: Keep software and devices up to date. This applies to operating systems, apps, and devices such as routers. Automatic updates help close security gaps quickly. Vulnerabilities are often the gateway for attackers, so a regular update process is crucial for system security.
  • Sophos Managed Risk: A service that helps companies identify security risks early and manage them proactively. Through continuous monitoring and targeted threat analysis, Sophos Managed Risk provides strong support in minimizing cyber risks.
  • Caution with emails and links: Do not click on suspicious links in emails or messages. Many attacks start exactly this way. If you are unsure whether a message is genuine, you should check the information directly on the sender’s official website. Companies should consider using anti-phishing software that identifies and blocks potentially dangerous emails.

Regular data backups are also important. If your computer or account is hacked, you can at least fall back on a recent backup and limit the damage. Companies should ensure that all important data is backed up not only locally but also in the cloud to ensure availability in an emergency. Further rules can be found in our article Cybersecurity Best Practices.

4. Important Information and Studies

Sophos publishes detailed studies every year that show how the threat landscape is developing across different industries. These studies provide valuable insights into how companies are affected by ransomware and other cyber threats, and which steps have been most effective in defending against attacks. Here are some of the latest findings from different sectors:

  • Ransomware in Manufacturing and Production (2024): A recent study showed that 65% of companies in the manufacturing and production sector were affected by ransomware in 2024. This represents a significant increase compared with previous years (56% in 2023 and 55% in 2022) and illustrates how threats to this sector have intensified. Particularly concerning is that many attacks are attributable to weaknesses in IT systems, with 29% of attacks linked to malicious emails and 27% to exploited vulnerabilities.
  • Ransomware in Retail (2024): The study for the retail sector showed that 45% of surveyed companies were affected by a ransomware attack in 2024. This is a positive decrease compared with 2023 and 2022, when the rates were 69% and 77% respectively. One notable point is that 92% of affected companies reported that cybercriminals attempted to compromise their backups during attacks, with almost half of these attempts (47%) succeeding. Such statistics underline the need for robust backup strategies and comprehensive protection of backup systems.
  • Specific industry challenges: The survey results also show that the way attacks begin varies by industry. In retail, vulnerabilities in systems and malicious emails were the most common entry points for attacks. This shows that a comprehensive IT security strategy is needed, combining technical methods such as patching and system updates with employee training to prevent such attacks.
  • Insights into root cause analysis: Interestingly, across almost all industries, companies affected by ransomware were able to identify the causes of the attacks. This underlines the importance of thorough root cause analysis to close system weaknesses and prevent future attacks. Common causes include vulnerabilities, malicious emails, and the exploitation of stolen credentials.

These studies highlight the need for a proactive cybersecurity strategy that includes both technical measures such as endpoint protection and firewalls, as well as preventive measures such as phishing awareness training and regular security audits.

Conclusion

Hacking and phishing can affect anyone. The most important thing is to stay calm, secure all affected accounts, and not waste time. Collaboration with experts, the use of protective measures like MDR, and the involvement of the relevant authorities are crucial. In the long term, prevention is key: with strong passwords, two-factor authentication, and awareness training, risks can be significantly minimized. Companies should always be prepared and regularly review their processes to be able to react quickly in an emergency.

David