You should always work on the assumption that your business is going to be hacked. You should therefore always be on the lookout for signs that your business has been hacked. Here are six of the key points to check and what you should do if you spot them.
To explain further, Luke Watts, Director of RoundWorks IT, shares his insights on six key signs that your business may have been hacked.
Complaints that you are sending spam
Be careful with this one. Email addresses can be spoofed. This means that people may think that you have been sending them spam when, in actual fact, it’s just somebody disguising their email address. If, however, you determine that your server really is being used to send spam then you need to put a stop to it quickly.
Usually, the easiest and most effective way to do this is to check your email settings thoroughly, then update your password(s). If possible, introduce two-factor authentication as well.
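To tell a spoofed address from mail that really left your systems, ask the complainant for the full headers and read the verdict their mail provider stamped on the message. The following is an added example, not part of the original article; `example.com` stands in for your sending domain, the sample headers are constructed, and it assumes the topmost `Authentication-Results` header is the one written by the recipient's provider.

```python
import re
from email import message_from_string

OUR_DOMAIN = "example.com"  # assumption: the domain you send mail from

def receiver_verdicts(raw_message):
    """Parse the topmost Authentication-Results header into a list of
    (method, result, properties) tuples, e.g. ('dkim', 'pass', {...})."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("Authentication-Results", [])
    verdicts = []
    # Element [0] of the split is the receiver's own identifier, not a verdict.
    for clause in (headers[0].split(";")[1:] if headers else []):
        m = re.match(r"\s*(\w+)=(\w+)", clause)
        if m:
            props = dict(re.findall(r"([\w.]+)=(\S+)", clause[m.end():]))
            verdicts.append((m.group(1).lower(), m.group(2).lower(), props))
    return verdicts

def triage_complaint(raw_message, our_domain=OUR_DOMAIN):
    """'ours'    = authenticated as our domain: check the mail server and accounts
       'spoofed' = the receiver could not tie the message to our domain
       'unknown' = no receiver verdict present: ask for the full headers"""
    verdicts = receiver_verdicts(raw_message)
    if not verdicts:
        return "unknown"
    domain_key = {"dkim": "header.d", "dmarc": "header.from"}
    for method, result, props in verdicts:
        domain = props.get(domain_key.get(method, ""), "")
        if result == "pass" and domain.lower() == our_domain:
            return "ours"
    return "spoofed"

# Constructed sample headers, as a complainant might forward them.
SPOOFED = (
    "Authentication-Results: mx.recipient.test;\n"
    " dkim=none; spf=fail smtp.mailfrom=example.com;\n"
    " dmarc=fail header.from=example.com\n"
    "From: Accounts <accounts@example.com>\n\nbody\n"
)
GENUINE = (
    "Authentication-Results: mx.recipient.test;\n"
    " dkim=pass header.d=example.com header.s=mail;\n"
    " dmarc=pass header.from=example.com\n"
    "From: Accounts <accounts@example.com>\n\nbody\n"
)

if __name__ == "__main__":
    print(triage_complaint(SPOOFED), triage_complaint(GENUINE))
```

A result of "ours" means the message was authenticated for your domain, so either the server or one of its accounts is being abused and the password and two-factor steps above apply.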
Complaints your internet searches are being redirected
If you determine that your internet searches are being redirected then the first place you should check is your website itself. You have a couple of options here. One is to go through your website looking for malicious code. The other is to reinstall it from scratch using a known, clean copy. Which one you choose will probably depend on the complexity of your website.
If you have a large-scale website with a lot of customizations, then you may be better off going through it thoroughly and removing any malicious code you find. The key word here is “thoroughly”. If you miss any malicious code, the problem will persist and it could take a lot of time and frustration to find and eliminate it.
Reinstalling your website from a safe copy is guaranteed to get rid of any malicious code. Of course, the bigger, more complex and more customized your website is, the more hassle this will be.
If this still does not resolve the issue, you could try looking for malware in your internal systems. This cannot entirely be ruled out. That said, if you did have malware in your internal systems, you would probably see other symptoms.
Changes to files
If you spot unexpected and unexplained changes to files, then your first step is to update all relevant passwords. Your second step is to check your systems thoroughly for malware, especially ransomware. There is only one real defence against ransomware. That’s to make sure that all your files are both encrypted and backed up. Both of these defences need to be put in place before you are attacked.
On a similar note, having robust access-control policies in place will make your life a whole lot easier. In particular, make sure that you only grant edit privileges to users who actually need them. If people just need to see what a file contains, then give them read-only access. The fewer people who can change a file, the easier it is to spot unexpected changes.
Pop-ups suddenly popping up
Pop-ups are generally a symptom of trouble. If you click on them, even accidentally, they can also be a cause of trouble. These days, the vast majority of internet users (especially businesses) use pop-up blockers. Generally, these are included with security software and turned on by default. Any sign of pop-ups suddenly appearing out of nowhere is, therefore, likely to be an indication of a problem with your security software.
While it may seem like using a sledgehammer to crack a nut, your safest option by far is to do a full system restore. In all likelihood, if a hacker is unsophisticated enough to leave such obvious traces then simply filling in the security hole which let them in will be enough. The problem is that this just cannot be guaranteed.
The only way to ensure that all traces of the attack are removed from your system is to do a full system restore. After this, you need to reset all your passwords and ideally add two-factor authentication as well.
A drop-off in device performance
This is another indicator that is both complicated and reliable. The reason why the indicator is complicated is that there are lots of reasons why a device’s performance could drop. The three most common legitimate ones are changes, environmental conditions and physical damage. If all of these have been ruled out, however, then hacking should be a consideration.
In principle, the best step you can take is to replace the devices. In practice, that is unlikely to be a realistic option for many businesses. Your next option, therefore, is to disconnect the devices from the internet and give them a full, deep clean and system restore.
On the plus side, this is, or can be, a much less painful task than it used to be. Cloud apps and storage plus network storage both mean that people tend to have fewer locally-installed apps and less locally-stored data. This means that setting devices back to their original state generally takes a lot less time and effort.
For completeness, in the context of cybersecurity, the term “devices” basically means “anything connected to the internet”. The obvious candidates here are computers (both desktop and laptop), tablets and phones. It can, however, also mean printers, routers and smart devices. These can all be targets for hackers.
Unusual financial transactions
Unusual financial transactions can be a sign of identity theft. That can be a sign of hacking although it isn’t guaranteed. There are other ways security can be breached. For example, during the pandemic, many firms have struggled to collect and process the post. A criminal may have used this time to intercept your letters and hence assume your identity.
Essentially, you should treat unusual financial activity in much the same way as you would if you spotted it in your private life. Change the details for all financial accounts (not just the one where you noticed the issue) and contact your financial institution to make them aware. If your financial institution offers transaction alerts, make sure that they’re turned on.
If you hear of your customers getting payment demands from you but you don’t recognize them, then change the passwords for both your financial systems and your email system. Again, if possible, turn on two-factor authentication.
Luke Watts is the director of RoundWorks IT, specialists in managed IT services, including backup and disaster recovery, cyber security and more, for businesses across the East Midlands.