6 things COs should do when they suspect their email has been hacked
Gaining unauthorized access to your work email is simpler than you think
The author of this article, a longtime public safety professional, shares an incident of email hacking in which he was involved. Because the incident and the claims of the hacker, another public safety professional, are still under investigation the author has requested to be anonymous.
In a competitive world, some will stop at nothing to gain any advantage, even if it means breaking the law. This can include gaining unauthorized access to your work email, and it is simpler than you think.
In the public services sector, there is a high degree of trust between staff members. That trust can be a weakness in your personal cybersecurity because it can create complacency. Without your knowledge, someone can easily obtain your password. It can be as innocent as accidentally watching you type it. Once an individual has your password, your email can be accessed from any computer at any location. Almost all mail systems today allow remote access with just a login and password. So while you fret at work during the day, someone can be going through your email in their home.
Here are some indicators that should make you suspect your email was compromised:
• Someone knows more than they should about your communications. This could be an internal job competitor or even a colleague.
• Parts of your emails are brought up out of context in various venues. There will always be a rationale on why your email is known, such as "Jake mentioned he heard it from Sam who..."
• An email you have not yet read may be marked as read in your mailbox. Either the hacker slipped up or you were both on your mail at the same time.
• You are asked for follow-up on an email you don't recall receiving. This may be because someone deleted it from your system before you saw it. The mail can be further purged from your trash bin, leaving little or no trace.
• Trust your gut if things don't easily add up. You likely haven't been taught about computer espionage but you do realize if something is odd.
Any of these signs may make you feel confused, off balance or even overwhelmed until you begin putting together the pieces of the puzzle.
Unauthorized email access can go undetected because it can be done remotely and often the victim has no idea it is occurring. Access to your email may also allow someone full rights to the system. This means the ability to view your calendar, sent and deleted mail, contact lists and in some cases the entire hard drive. Once your mail is viewed, it can then be marked as unread to easily cover the hacker's trail.
In most states, this is a felony and serious offense since it is the new realm of cybercrime. Do not think it is just a bad guy in a foreign country. It may be someone you know who is vying for your job, who wants to discredit you, exploit your vulnerabilities or garner confidential information.
Unauthorized access is likely very common, but rarely discovered because of how easy it is to cover up the crime. One chief of a large 200+ member organization had his email accessed for over a year by an assistant chief, who was also a trusted colleague. This was happening without any knowledge by the chief that it was occurring. The assistant chief used confidential information he read between the chief and mayor, as well as other department heads, to spread misinformation throughout the organization. He also downloaded and saved confidential information to personal computer systems. This created mistrust issues for the chief as he was constantly trying to get a head of rumors, being reactive and spending less time leading.
The steps below eventually led to the discovery of the email breech, resulting in a grand jury indictment for several felony counts and ultimately to a felony conviction. In addition to personal damage, there can also be an adverse organizational impact. This can include unfavorable media coverage as well as a negative perception on the organization's reputation. Hackers often think their actions are innocent, but in reality those actions are identify fraud and a serious crime.
The steps to take to determine if your email is being accessed by someone else are fairly simple, but effective.
1. Keep your mouth shut about your suspicions because the culprit can be anyone, including a trusted friend or confidant. It is just as important to figure out who the email hacker is along with stopping access. This is especially important if it is someone inside your organization.
2. Go about your daily business on email. For now, don't change your password – doing so will indicate you suspect something is going on and you may never determine who the perpetrator is. For sensitive issues, consider using the phone until it is determined your email is safe.
3. Go on a Wi-Fi diet. Only access your email from your office, phone or home. Do not use other locations such as free Wi-Fi spots keep your email checks at a consistent time. When your IT team looks at remote access into your system, you will easily be able to account for all access locations (IP addresses) that only you used to accessed your login. Any other IP addresses or times will be red-flags.
4. Contact your IT department, specifically their cybersecurity person. When it comes to possible unauthorized access to their system, they will follow-up with the utmost urgency. Let them know your concerns and follow their advice. This is not an uncommon occurrence. It’s important to realize the serious consequences.
5. If your email is being compromised, it is likely a felony or multiple felonies. Your legal and possibly human resource teams will need to be involved in the matter. Be prepared that you may be required to testify in a grand jury or court room.
6. The media will likely find out. The whole mess will likely be in the media if there are criminal charges. This can make for a scandalous story that can drag out for months depending on the situation. It will also create questions from taxpayers regarding their confidence in public safety and how the facility is being run.
Consider doing the first three steps above, in conjunction with your IT team, as a routine check to ensure someone has not already accessed your system.
Knowing these basic steps will prepare you for what needs to be done to protect yourself and your organization. The breach of trust and feelings of betrayal can seem overwhelming. Few will understand the damage that can be done mentally to the victim – you. It will be an emotional drain on you. However, things will get better for you, your career and your sanity once you determine what has happened.