23 Incident Response Tips for Home Computer Use or Unwanted Social Media Attention | Tripwire

23 Incident Response Tips for Home Computer Use or Unwanted Social Media Attention

Posted on March 9, 2017
23 Incident Response Tips for Home Computer Use or Unwanted Social Media Attention
One of the unpleasant realities of having a ubiquitous and very public online profile through social media is the risk of attracting an unwanted “follower” or “friend” who turns into an online-troll or stalker. Over the past few weeks, I’ve been contacted by a number of folks on “what to do” when bad things start happening online. Whether you suspect your computer, mobile device, or social media accounts have been compromised, or when a relationship has gone sideways, there are common elements to consider in returning things back to normal. Firstly, this article is not legal advice, and if you have been subject to violent threats, racism, and/or extortion, you need to collect evidence, such as screenshots, chat logs, emails, etc., and contact the police. You are most likely a victim of a crime, and the only appropriate response involves the law. It’s a grey area when it comes to what constitutes online harassment (someone saying mean things to you) and libel (someone saying things which are untrue about you publicly). The threshold of criminality is far more difficult to establish in these cases. You would be wise to obtain legal advice for clear council on what avenues can be used to remedy the situation you are in before making a criminal complaint or initiating a civil proceeding. State laws may differ, and First Amendment protections can make a successful liable case difficult. It’s a very good idea to determine where the breach may have occurred and what your level of exposure online is. Firstly, have a visit to the website haveibeenpwned.com and run your email accounts through this (and register any email addresses you have here). A special thanks to a public affairs officer who pointed out that leaving comments online, which expose your email address, can also lead to unwanted attention. Google search your email address in “quotes” to see if something comes up. Now to the joys of your technology. If you think your account(s) have been compromised, either because a) someone knows something that you thought was private, or b) you have unexplained financial transactions in PayPal, banking, or online merchant accounts, it’s time to take serious action. However, be warned; it can be a lengthy process to “re-password all your life things.” A bottle of wine to accompany Step 4 is highly recommended.
  1. Immediately dispute the transactions with the online vendor and/or your bank.
  2. Report any credit cards you think may be compromised as lost or stolen and get new cards.
  3. Since so many messaging apps and 2FA protections are tied to your phone number, if you are receiving unwanted messages, you may need to get a new mobile number.
  4. Before you use a trusted friend, family member’s, new, or factory reset computer to deal with your online account passwords, make sure it is up-to-date with patches and a full antivirus scan has been recently run on it.
  5. Using the trusted computer, log in to all of your sites and change passwords. Do not store passwords in the web browser.
  6. Check to see if any devices or applications are registered with access to your account, such as Google or Amazon. Delete all devices and apps that are registered.
  7. Activate two-factor authentication (2FA) on any banking, online merchant accounts and social media accounts you are not prepared to close or abandon.
  8. If you have decided to remove or reduce your social media profile and live in the EU/UK, invoke your right to be forgotten with the social media provider.
  9. Using the Google search: “secure privacy settings for <insert social media site>” and step-by-step, enable those features/settings. Stalkers and online malcontents focus on poorly secured social media accounts to antagonize you.
  10. If you can’t or don’t want to wipe your phone back to factory settings, at least make sure your mobile device is patched and up-to-date and all your apps are at the latest version. Log in to each of your apps after you have changed all your passwords to confirm access. (Note: You may have to re-install some apps to re-register them with Google or Amazon accounts.)
  11. Activating 2FA will certainly identify if someone is trying to break into or brute force your online accounts. If you see 2FA authorization text messages for online accounts, and you’re not logging in, something shady is most certainly going on.
Now that you have spent some quality time on your friend’s or family member’s computer changing the passwords to your online accounts and activating 2FA when you can, we need to deal with your home PC:
  1. Change/enable a local password and make sure you have a screensaver lock enabled.
  2. Review the applications that are installed on your computer. If you’re not sure what an application does, Google it. If it’s something that has the words “Remote Control, Remote Connection, or Remote Access,” chances are high that’s a major part of your security problem unless your computer is under management from an IT provider. If that’s the case, have them work through all the following steps.
  3. Patch and update all of your applications and operating system before you proceed with the next steps.
  4. Download, install, or update an antivirus solution and/or conduct a full scan of your system.
  5. Download, install, and establish an account for either Google Drive, Microsoft One-Drive, or Dropbox using your new password.
  6. Move documents, pictures, videos, etc. to your cloud storage folder and let it sync those files. Cloud storage vendors perform antivirus scanning of files being uploaded and downloaded.
  7. If you truly believe your computer may be compromised by malware, have it professionally re-installed or initiate a factory re-set. (Steps 5 and 6 are designed to back up your data prior to a factory re-set or professional re-install.)
  8. If you do a factory reset or professional re-install, you should ensure the machine is patched and updated and has an antivirus product installed as the first steps before you surf to your online accounts.
  9. Install all of your applications, including your cloud storage software, and then let this sync your files from Step 6.
  10. Patch and update applications as required. If there is an option to keep the application updated to the latest version, ensure it is enabled.
  11. Log in to your online accounts. Do not store passwords in the browser!
  12. If you have a lot of online accounts and passwords, consider using a password manager.
Whether you’re the victim of unwanted online attention or you believe your home system is compromise, these steps are designed to help you re-establish control over your online world. Computer safely my friends.  
Ian-Trump-2-e1459287818584.jpeg
About the Author: Ian Trump, CD, CEH, CPM, BA is an ITIL certified Information Technology (IT) consultant with 20 years of experience in IT security and information technology. Ian’s broad experience on security integration projects, facilitating technological change and promoting security best practices have been embraced and endorsed by his industry peers. From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and retired as a Public Affairs Officer in 2013. Currently, Ian is the Security Lead at LogicNow working across all lines of business to define, create and execute security solutions to promote a safe, secure Internet for Small & Medium Business world-wide. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!