Concluding my three part series on cybersecurity breaches and how you can deal with them, I’m going to cover a few things that you can do RIGHT AWAY if you find that your personal online data or security has been comprised.

Previously, I had talked about some of the ways that your online identity could be impacted, and how you can protect yourself against such activity. As the final entry in this series, I’m going to discuss some of the important steps you should take in the event that you realize you’ve been the victim of a cyber security attack.

What to do if you are a victim of a Cyberattack or Cybercrime

Cybercrime happens—according to IBM there 1.5 M cyberattacks a year, or 4,000 cyberattacks a day—nearly three a minute. And that was 2 years ago. These aren’t just attacks on the government and businesses, “In 2014, 47% of American adults had their personal information stolen by hackers — primarily through data breaches at large companies.” Remember that Yahoo breach?

Statistically, you have about a 50/50 shot at experiencing some sort of cybercrime—even if you personally are taking all the right steps to protect yourself. Given this, it’s important to proceed calmly and rationally—and have a process to follow to minimize the impacts. Again, this is NOT a comprehensive plan—each person and business should build their own plan (Granite Investment Advisors are not cybersecurity experts)—but we hope it’s enough to help you to manage a cyberattack.

1. Don’t panic—and run trusted anti-virus/malware/spyware.

Again, the reality is that people are getting hacked or suffer a breach of data every minute of every day. It’s become a fact of life in our digital age. If you think you’ve been hacked, a good place to get started is to run anti-virus, anti-spyware, or anti-malware on your devices.

2. Change your passwords.

There’s a possibility that whoever hacked your account might not have done anything with your information yet, so if you’ve been hacked, you should at least try to change your password. This time around, make sure that it’s more secure than the last one, and nowhere near or similar to the old password. As says, to make sure that your new password is not easily identifiable, as in “no birthdays, addresses, kids’ names, dogs’ names, maiden names, favorite movie names, favorite band names, or anything else that you might otherwise feature on your Facebook page.”

3. Cover your investment accounts.

Pick up the phone and call your investment advisor right away, so that they can monitor your investment accounts for suspicious activity. It doesn’t matter where/how the attack or breach happened—data is connected in a variety of ways today and you want to prevent any additional issues from arising—especially with your investments. Make sure that you follow the directions provided by your firm.

Your investment advisor should have a plan and procedures in place in the event that you experience some sort of hack, cybercrime or fraud. In the event that a suspicious communication is received from a client, Granite will contact the client via phone or in person to verify the email was sent by the client. If the client was compromised, Granite will work in conjunction with the client to help rectify the problem in any of their investment and financial accounts.

4. Contact key local, regional, and federal authorities.

Due to the depth and breadth of cybercrimes, it’s important that you contact the appropriate authorities. While this is not a comprehensive list, it will get you started in rectifying the situation.

  1. Contact your local, state and federal law enforcement offices. Since typically you don’t know if this is local, state or federal crime, it’s important that you alert all parties. This information is unique to each state. The Department of Justice has more resources here. Don’t forget to inform the local police—they can file a formal report and document your situation for future use. They can also point you to additional resources.
  2. If you have a social security number-related cybercrime, contact the Social Security Admin’s fraud hotline at 800-269-0271. They will take your report and investigate any issues surrounding the use of your SSN.
  3. If you even remotely feel like you might have an instance of identity theft, contact the FTC—Federal Trade Commission at, 1-877-IDTHEFT. or You’ll be able to report identity theft, and gain access to a recovery plan—or browser recovery steps. The site can help you walk through the steps to recovery, manage your recovery plan, track your progress, and more.
  4. If you’ve been the victim and impacted by tax fraud, visit on the IRS’ site for steps you should take.

5. Close—or clone—your account(s).

Sometimes the safest thing you can do is work with a customer service rep or account manager to close the account that has been hacked. Some investment companies offer you the ability to clone a compromised account, allowing you to rapidly create essentially an identical account to the one you had. Once set up, your assets are then moved and the compromised account is closed.

6. Report identity theft to one of the main credit agencies.

Given the nature of (and their response to) the Equifax data breach, there’s a possibility many would choose to report identity theft to Experian (1-888-397-3742), or TransUnion (1-800-680-7289). You can give them your police report and put a fraud alert on your account to help prevent further fraudulent activity.

This is not an exhaustive list—and you may need to take additional steps—but this should give you enough to start working on while you wrap your head around your own personal situation.

I hope this was helpful—and that you are able to avoid becoming the victim of cybercrime. Have you personally had to deal with identity theft or some other form of cybercrime? What did you end up doing—and how did it turn out?


Past performance is no guarantee of future results. Returns are presented net of management fees. There can be no assurance that any of the securities referred to herein were produced for or remain in portfolios managed by Granite Investment Advisors. A complete list of all Granite Investment Advisors’ recommendations within the preceding year is available upon request. It should not be assumed that recommendations made in the future will be profitable or will equal the performance of the securities described herein.