Advice to help you protect your accounts
Information security now!
Attackers use many different methods to try to break into and hijack accounts used in online services. This article contains brief instructions on how to protect yourself in advance and what to do after a breach.
Attackers actively try to break into accounts on different services, such as social media, games and e-mail, using a variety of methods. This article has a short list of the most effective protection methods and instructions on what to do after a breach, as well as links to the instructions that the most common services provide for these situations. For services offered by an organisation (such as the workplace), you should contact maintenance or technical support both when checking the security settings and in case of a data breach.
- Use a unique password for each service.
- Make sure that there is more than one type of contact information linked to the account (e-mail, telephone number or similar).
- Check that the contact information linked to the account is active and under your own control – the e-mail account exists and you can access it, the telephone number has been entered correctly and it is still in use.
- Use two-factor or multi-factor authentication (2FA, MFA); see links to the most common services below.
- Make sure that you have other options available in addition to the primary MFA option. You should think about what to do if an application on a smart device cannot be used because the device is broken, for instance (in that case, e.g. an SMS-based additional confirmation can be used as the second option).
- Make sure that the e-mail addresses linked to your service accounts are also protected in the ways described in this list.
- Keep delegated rights, if any, and their consequences in mind – if the account has rights to other accounts or services, or if other accounts can use the account, they should be protected in the same way to avoid vulnerabilities.
After a breach
- Try to regain control of the account by using the automated tools of the service in question. Beware of forged phishing messages! Many services send automatic warnings about password changes and new logins.
- Contact the service’s administration to start the account restoration process, if the automated tools do not work. Links to the most common services can be found below.
- File a report of an offence. You can file the report either online or at your local police station. Demand that the perpetrator be held responsible for their offence. If the process feels difficult, ask for help from Victim Support Finland (RIKU).
- Report the matter to the National Cyber Security Centre Finland. You can either use the notification form (below) or send a free-form e-mail to the address firstname.lastname@example.org.
If you think that a popular service is missing from the list below, please tell us about it on Twitter! Our handle is @certfi.