Chapter 7 – Responding to Security Incidents

Even with the best security practices, things can still go wrong.

What matters is how fast and effectively you respond.

This chapter guides you through spotting threats, containing damage, and bouncing back securely.

Don't panic — act methodically

The first minutes after discovering a breach matter most. Be calm, fast, and precise.


7.1 Signs Your Account or Device May Be Compromised

  • Suspicious login attempts or password-reset emails
  • Unexpected bank charges or app subscriptions
  • New programs, toolbars, or extensions you didn’t install
  • Friends receive strange messages from your accounts
  • Antivirus pop-ups or sudden system slowness

If something feels off, trust your gut—and investigate.


7.2 Immediate Containment Actions

  1. Disconnect the device from the internet
  2. Change passwords using a safe device (start with email + password manager)
  3. Log out of all sessions on key platforms (Google, Microsoft, banks)
  4. Run a malware scan with a trusted antivirus or online scanner
  5. Back up important files before deeper cleaning or reinstalling

Act from a clean device

Don’t change passwords or log in to accounts from an infected system.


7.3 Recovering Hacked Accounts

  • Use the service’s account-recovery or “forgot password” flow
  • Provide backup codes, recovery email, or phone number
  • Reclaim access and enable 2FA immediately
  • Check for connected apps and remove suspicious ones

Act fast

The longer attackers stay inside your account, the more damage they can do.


7.4 Dealing with Malware or Ransomware

| Scenario | Action |
|---|---|
| Malware detected | Quarantine → remove → run a second scan |
| Ransomware | Disconnect → don’t pay ransom → restore from clean backup |
| System unstable | Wipe device → reinstall OS → restore only verified files |

If business systems or money are involved, contact a professional incident-response team.

Never trust a 'decryption guarantee'

Criminals don’t always unlock your files even if you pay.


  • Contact your bank or credit-card provider for fraud
  • Report identity theft or extortion to local police or cybercrime units
  • Inform anyone affected (friends, contacts, employers)

7.6 Learn & Prevent: Post-Incident Checklist

  • Figure out the cause – phishing? outdated software? weak password?
  • Patch everything – install updates, change credentials, enable 2FA
  • Backup strategy – keep at least one backup offline or in the cloud
  • Review regularly – schedule security check-ins every 3–6 months

Turn incidents into insight

Every breach teaches you something. Use it to improve your future security posture.


7.7 Self-Check: Incident Readiness

  • I keep offline or cloud backups of important files
  • My 2FA backup codes are stored securely and offline
  • I know how to report fraud or recover compromised accounts
  • I could wipe and reinstall my device from scratch if needed
  • 2FA is enabled on my primary email


  • All boxes checked? Great—your response plan is solid.
  • Still unchecked items? Tackle them now to stay prepared.

Congratulations!

You’ve completed the CoreDocs. path:
“IT Security for Everyone – Everyday Basics.”

Apply what you've learned
Stay alert and updated
Revisit chapters as needed

Your digital safety just got stronger.