All articles Incident Response

First 60 Minutes After a Cyber Attack

7 min read

The moment you realise you’ve been caught in a cyber incident, whether it’s a stolen password, a suspicious financial transaction, or a lockout from your accounts, can be incredibly stressful. Panic is a natural reaction, but quick, calm action can make a significant difference. This guide outlines the essential steps Australian families should take within the first hour to manage the situation and minimise harm.

Stop the Bleeding: Disconnect and Secure immediate Threats

Your first priority is to prevent further damage. This often means isolating the compromised device or account. If you suspect malware, disconnect from the internet immediately, either by turning off Wi-Fi or unplugging your ethernet cable. For account breaches, the goal is to regain control swiftly.

Change passwords on any affected accounts, starting with your most critical ones like email and banking. Use strong, unique passwords for every service. If you reuse passwords, change them everywhere the compromised password was used. Enable multi-factor authentication (MFA) on all accounts where it's available; it’s an essential layer of protection.

Assess and Document: What Happened and What’s Affected?

Once immediate threats are contained, take a moment to understand the scope of the incident. What exactly happened? When did it occur? What information or accounts might have been compromised? Make a list of everything, no matter how small it seems.

Documentation is vital for reporting the incident later, making insurance claims, or recovering funds. Note down timestamps, suspicious emails, unusual transactions, and any error messages. This detail will be invaluable when you reach out for professional help, such as calling KNOMI.

Protect Your Finances and Identity

Financial and identity compromise can have long-lasting effects. If bank accounts, credit cards, or superannuation details are involved, contact your bank and financial institutions immediately. They can freeze cards, flag suspicious activity, and advise on next steps.

Consider placing a credit ban or credit alert with credit reporting agencies like Equifax, Illion, or Experian if you suspect identity theft. This makes it harder for criminals to open new accounts in your name. You can also contact IDCARE, a free Australian service, for support with identity recovery.

Key Steps for Financial Protection:

  • Contact your bank and all financial institutions.
  • Monitor your bank statements and credit card activity closely.
  • Consider a credit ban or alert with credit reporting agencies.
  • Contact IDCARE for free identity support.

Report the Incident: Who to Tell in Australia

Reporting cyber incidents is a critical step, not just for your own recovery but for helping authorities track and stop cybercriminals. For general cybercrime, ReportCyber is the national reporting portal. If you’ve lost money to a scam, report it to Scamwatch.

For more specific incidents, the eSafety Commissioner handles online abuse and image-based abuse. Organisations that hold your personal information must report significant data breaches to the Office of the Australian Information Commissioner (OAIC). Having KNOMI on your side means you don’t have to navigate this reporting maze alone; they can guide you through the process.

Seek Expert Help: Don't Go It Alone

Responding to a cyber incident can be overwhelming, especially when dealing with technical complexities and emotional stress. That's where professional support becomes invaluable. Trying to fix everything yourself can sometimes lead to further compromise or missed steps.

When something goes wrong online and you need help understanding the incident, managing the fallout, and recovering your digital life, KNOMI is who you call. Our experts provide calm, clear, and practical assistance, ensuring you take all the right steps for a comprehensive recovery.

Frequently asked questions

What's the absolute first thing I should do if my computer gets a virus?

Immediately disconnect your computer from the internet (turn off Wi-Fi or unplug the ethernet cable) to prevent the virus from spreading or sending out your data.

Should I change all my passwords right away after a data breach?

Yes, start with the most critical accounts like email, banking, and social media. Use strong, unique passwords and enable multi-factor authentication everywhere possible.

Who do I report a cyber scam to in Australia?

You should report cyber scams that have resulted in financial loss to Scamwatch. For broader cybercrime incidents, use the ReportCyber portal.

Can KNOMI help me if I've been hacked?

Absolutely. KNOMI specialises in expert cyber incident response for Australian families. When something goes wrong online, KNOMI is who you call to help you understand, contain, and recover from the incident.