It is the thing of nightmares. What started as a usual Monday morning has suddenly jumped into one of your worst-case scenarios. Your company has been hacked.
The scariest part is that you might not even have noticed. If you are one of the lucky ones, you may receive a ransomware notification or an honest person might let you know, but often the tell-tale signs of a breach are more insidious. Here is how to notice the signs and what to do if you find them.
9 signs you have been hacked – and what to do about it
Unexpected file changes
Many of today's companies allow organisation-wide access to documents and real-time editing through tools such as Google Docs or Microsoft 365. Spotting the difference between your colleagues' tracked changes on that twelve-page document you wrote and more nefarious activity can be difficult, but it is not impossible.
Look for changes outside of what you would normally expect to see, for instance document name changes or files that are mysteriously deleted. Like fingerprints at the scene of a crime, all of those could point to hackers being present on your system.
What to do: To keep the hackers at bay, start by changing all company passwords, installing encryption software such as BitLocker and double-checking that everyone is following your company security policy. If the problem continues, consider speaking to an expert.
Spam emails sent from company email accounts
Nobody likes receiving spam. It is annoying at best and nothing turns off a prospective customer more quickly than receiving an abundance of unwanted emails. However, if you start receiving complaints from customers or unsubscribe numbers start rising, this is also one of the signs your company has been hacked.
What to do: Keep a close watch on your outgoing emails. It is likely your marketing team is already tracking emails for key metrics, so ask them to look out for anything suspicious. On an individual level, regularly check your sent folder for messages that you do not remember sending or that look spammy.
If you discover something is wrong, simply follow the steps outlined above for file changes.
Unusual financial activity
It's generally known that the majority of hackers are out for one thing: money. So one of the most important places to check frequently is your corporate bank accounts.
Check company statements regularly for unusual withdrawals or payments from your account. If you do notice anything, there is a very real probability that you have been hacked. Remember, cybercriminals will not necessarily steal large amounts. One of the most successful small-scale hacks in recent years involved a cybercriminal stealing from many companies, just a few cents at a time.
What to do: If you do find irregularities in your accounts, change passwords for all company accounts, turn on transaction alerts and contact your bank – most will reimburse any stolen funds as they are insured against these activities.
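As an added illustration (not part of the original article), the statement check described above can be scripted so that repeated tiny debits stand out. The statement rows, payee names, the known-payee list and the thresholds are all constructed for this example.

```python
import csv
import io
from collections import defaultdict
from decimal import Decimal

# Constructed sample of an exported statement (negative amount = money out).
STATEMENT = """date,payee,amount
2024-03-01,Office Rent Ltd,-1200.00
2024-03-02,QX Services,-0.07
2024-03-04,Coffee Supplies Co,-0.90
2024-03-05,QX Services,-0.09
2024-03-09,QX Services,-0.05
2024-03-11,Client Payment,2500.00
2024-03-15,QX Services,-0.08
2024-03-20,Unknown Vendor 7,-349.99
"""

# Hypothetical list of payees the finance team has confirmed.
KNOWN_PAYEES = {"Office Rent Ltd", "Coffee Supplies Co"}


def review_statement(csv_text, known_payees, small=Decimal("1.00"), min_count=3):
    """Return sorted (payee, count, total, reason) for debits to payees
    that are not on the known list. A payee that took `min_count` or more
    debits of at most `small` each is reported as 'repeated small debits';
    any other unrecognised payee is reported as 'unknown payee'."""
    debits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        amount = Decimal(row["amount"])  # Decimal avoids float rounding on money
        payee = row["payee"].strip()
        if amount < 0 and payee not in known_payees:
            debits[payee].append(-amount)

    findings = []
    for payee, amounts in debits.items():
        tiny = [a for a in amounts if a <= small]
        if len(tiny) >= min_count:
            findings.append((payee, len(tiny), sum(tiny), "repeated small debits"))
        else:
            findings.append((payee, len(amounts), sum(amounts), "unknown payee"))
    return sorted(findings)


if __name__ == "__main__":
    for payee, count, total, reason in review_statement(STATEMENT, KNOWN_PAYEES):
        print(f"{payee}: {count} debit(s), total {total} ({reason})")
```
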
Unwelcome software installations
It is difficult to keep track of all the various tools and software everybody in your company has installed. This can be particularly true in the world of an SME or start-up company.
However, there is an enormous difference between the tools your people need and nefarious software nobody remembers installing. Sometimes this software is totally harmless. We have all accidentally installed a browser add-on now and then that we did not want. However, if nobody recalls installing something, there is also a chance that it was installed remotely by a hacker.
What to do: The fix for unwelcome installations may be easy, but it is time-consuming. Perform regular checks on all installed software and tools in use on all the company's devices. If you find any software that looks strange or isn't in use, uninstall it ASAP. Create a list of approved software that people are allowed to have on their devices.
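One way to make that regular check less time-consuming, shown here as an added example rather than anything from the original article: compare each device's software inventory with the approved list and with the previous check. Device names, product names and the inventory format are constructed; a real inventory would come from your own asset-management tooling.

```python
# Hypothetical approved-software list.
APPROVED = ["Google Chrome", "Microsoft 365", "7-Zip"]

# Constructed inventories: device -> software names at the last and current check.
BASELINE = {
    "laptop-01": ["Google Chrome", "Microsoft 365", "7-Zip"],
    "laptop-02": ["Google Chrome", "Microsoft 365", "FreeToolbar Helper"],
}
CURRENT = {
    "laptop-01": ["google  chrome", "Microsoft 365", "7-Zip", "RemoteDesk Agent"],
    "laptop-02": ["Google Chrome", "Microsoft 365", "FreeToolbar Helper", "7-Zip"],
}


def normalise(name):
    """Compare names case-insensitively and ignore stray whitespace."""
    return " ".join(name.lower().split())


def audit(baseline, current, approved):
    """Return sorted (device, software, status) findings.

    status is one of:
      'unapproved-new'  not on the list and absent at the last check
      'unapproved'      not on the list, already present last time
      'new'             on the list, but appeared since the last check
    A device with no baseline entry has everything reported as new.
    """
    allowed = {normalise(n) for n in approved}
    findings = []
    for device, names in current.items():
        before = {normalise(n) for n in baseline.get(device, [])}
        for name in sorted({normalise(n) for n in names}):
            is_new = name not in before
            if name not in allowed:
                status = "unapproved-new" if is_new else "unapproved"
                findings.append((device, name, status))
            elif is_new:
                # Approved, but worth confirming someone remembers installing it.
                findings.append((device, name, "new"))
    return sorted(findings)


if __name__ == "__main__":
    for device, name, status in audit(BASELINE, CURRENT, APPROVED):
        print(f"{device}: {name} [{status}]")
```
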
Very much like their equally irritating relative, spam, nobody likes pop-ups. Our hatred for them is so great that more than 600 million devices (or 11% of all the devices in the world) currently use an ad blocker of some description.
However, there could be more to the pop-ups you are seeing than an annoying advert. If you are getting popups from websites that would not usually generate them – in particular, reputable ones – this could indicate your system (or theirs) has been compromised.
What to do: Unfortunately, there's no quick remedy for this problem. The simplest way to clean up your systems is to manually delete any software, toolbars and add-ons you have not installed yourself (see above). This is a long process, especially if you have many devices.
Strange company device behaviour
We often speak about 'devices behaving strangely', but it is important to stress that we do not mean the 'Wednesday afternoon go-slow' your devices experience from time to time.
We mean very strange behaviour. For instance, your mouse pointer moving of its own free will (like someone else is controlling it) or random flickering on your monitor. Both things could indicate something way more serious is happening.
What to do: If you do notice these strange behaviours happening, it is time to call in the cyber security experts. Unplug your device from the internet, power it down and turn your router off. Although these steps will not undo the breach, they will at least stop hackers from inflicting any damage before you get expert help.
Redirected Internet searches
We previously mentioned that the majority of hackers are interested in making money, and stealing is not the only way to accomplish this. A simpler and far less risky way for a cybercriminal to make fast cash is to redirect your browser searches somewhere you do not want to go. By redirecting internet searches to another website (often the website owner has no idea the site is being used in this manner) the hacker gets paid for these clicks.
What to do: If your internet searches are redirected, there is a high probability that you have also got nefarious toolbars and software installed on your network devices. Just follow the same process we outlined earlier for unwelcome software, which should remedy things.
Changes to your security settings
Criminals in the cyber world are very clever, but that does not mean they are above simple tactics. Top of their list of 'obvious but effective' hacker techniques is turning off anti-virus, ad blockers, firewalls and other tools to avoid being noticed.
Always keep a very close eye on your security settings. If any of these are turned off that should not be, this is most likely down to human error. However, it is well worth switching them back on and observing what happens. If the same thing happens again, it could mean you have been hacked.
What to do: The best thing you can do in this instance is to back up any files that you haven’t already and do a complete system restore. There is no telling what has happened without expert help, so the first step should always be a complete reset of any affected devices.
Leaked confidential data
Out of all the warning signs here, discovering that confidential company data has appeared online in an internet data dump (usually on the dark web) is the most obvious. Unfortunately, this is also very hard to remedy.
What to do: The information is already out there (probably sold to the highest bidder on the dark web amongst criminals), so your actions need to be more about reputation management and preventing this from happening again, instead of addressing the immediate issue. If the worst happens, then it is time for a full audit of your security policies, procedures and infrastructure.
Prevention is way better than cure
It might sound like a cliche, but the best way to avoid being hacked by far is prevention. Relying on anti-malware software is a good start but will only get you so far. The only real method of defence against this is ensuring you have a clear security policy and protocols that prevent the common mistakes made by staff, using tools like encryption and two-factor authentication, and checking company devices regularly.
Do not wait until you see any of these warning signs. Instead, think of cybersecurity as you would the office's physical security. The more frequently you check that doors and windows are secured and know exactly who has access to the keys, the less likely you are to suffer a physical break-in. Why should it be any different for your cybersecurity?
Improve Your Business’s Cyber Security Today.
Start by getting certified in Cyber Essentials, the UK government scheme that covers all the technical controls that will provide the protection that you need to help guard against criminal attacks.