Remediation

What to do in the event of a suspected breach.

Immediate Actions

Remove internet access

Quarantine important files

Examine for Unauthorized Access

Have someone help you check to see if there are any obvious indicators of malware on the system. Ask specifically about these things:

Check for any unfamiliar applications or software that might have been installed

Look for remote access tools (RATs) or any software that doesn't look familiar

Review the list of recently accessed documents and browser history to identify any suspicious activity

Factory Reset the System

Ensure important files are backed up on an external hard drive

Flash the BIOS

Reformat the hard drive

Reinstall Windows

Reinstall applications

Change Passwords and Implement Two-Factor Authentication (2FA)

Set up a password manager (

more info⁠

)

Change passwords for all critical accounts, including but not limited to, banking, email, and social media. Use strong, unique passwords for each account.

Enable two-factor authentication on important accounts add an extra layer of security

Check for Financial Irregularities

Review bank statements and credit reports for any unauthorized transactions

Notify credit bureaus to lock your credit against lending attempts

Check with IRS that no fraudulent tax returns have been filed

Install or Update Security Software

Ensure the computer has up-to-date antivirus and anti-malware software (Malwarebytes is a good one for Windows:

www.malwarebytes.com⁠

)

Run a full system scan to detect and remove any malicious software

Want to print your doc?
This is not the way.

Try clicking the ⋯ next to your doc name or using a keyboard shortcut (

CtrlP

) instead.