9 signs your business has been hacked and what to do about them


It’s the stuff nightmares are made of. What started as another mundane Monday afternoon has suddenly morphed into one of your worst-case scenarios.  Your business has been hacked.

The scariest part is that you may not even notice. If you’re lucky, you may receive a ransomware notification or a good samaritan might inform you but often the telltale signs of a breach are more insidious. Here’s how to spot and tackle them.

9 warning signs you’ve been hacked –  and what to do about them

Unexpected changes to files 

Many modern businesses allow for organisation-wide access to documents and real-time editing. Think tools like Google Docs or your Microsoft 365 package. Telling the difference between colleagues’ tracked changes on that ten-page report you wrote and more nefarious activity can be tricky. But it’s not impossible. 

Look for revisions outside of what you’d normally expect. For example, document name changes, or files that have been mysteriously deleted. Like fingerprints at a crime scene, all of these could point to a hacker’s presence.

What to do: To keep the hackers at bay, start by changing all company passwords, installing encryption software and double-checking everyone is following your security policy. If the problem persists, consider speaking to an expert.

Spam emails sent from company email accounts 

No one likes spam. It’s annoying and nothing turns off a prospective customer more quickly than a deluge of unwanted emails. But if you suddenly start receiving complaints from customers or unsubscribe numbers start climbing, it’s also a sure sign you’ve been hacked. 

What to do: Keep a close watch on your outgoing emails. It’s likely your marketing team are already tracking emails for key metrics, so ask them to keep an eye out for anything that looks out of place. On an individual level, regularly check the sent folder in your emails for messages that you don’t remember sending or look spammy. 

If you do discover something’s wrong, follow the steps we outlined above for file changes. 

Secure your business today. Get Cyber Essentials certified.

Unusual financial activity

It’s generally known that most hackers are out for one thing: money. So one of the most important places to regularly check is company bank accounts.

Check business statements regularly for unusual withdrawals or payments from your account. If you do spot anything, there’s a very real chance you’ve been hacked. And, remember, cybercriminals won’t necessarily steal large amounts. One of the most successful small-scale hacks of recent years involved a cybercriminal stealing from multiple businesses, a few ill-gotten cents at a time. 

What to do: If you do find irregularities, change passwords for all company accounts, turn on transaction alerts and contact your bank – most will reimburse any stolen funds.

Unwelcome installations

It can be difficult to keep track of the various tools and software everyone within your business has installed. This is particularly true in the frenetic world of an SME or startup.

Nevertheless, there’s a big difference between the tools your people need and unwanted software no one remembers installing. Sometimes this software is completely harmless. We all accidentally install a browser add-on now and then. However, there’s also a chance that if someone doesn’t remember installing something, it’s been added remotely by a cybercriminal.

What to do: The fix for unwelcome installations is a simple, but time-consuming, one. Perform regular checks on the software and toolbars in use on all company devices. And, if you find any applications that look strange or aren’t in use, uninstall them. 

Random pop-ups

Like it’s equally irritating cousin, spam, we all hate pop-ups. We hate them so much that more than 600 million devices (or 11% of all the devices in the world) are currently using an ad blocker.

However, there might be something more to the pop-ups you’re seeing than an annoying sideshow. If you’re getting popups from websites that wouldn’t usually generate them – particularly, reputable ones – it could indicate your system has been compromised. 

What to do: Unfortunately, there’s no quick fix for this problem. The best way to clean up your systems is to manually delete any software or toolbars you haven’t installed yourself (see above). At this point, it’s perfectly acceptable to let out a long sigh. 

Company devices behaving strangely 

When we talk about ‘devices behaving strangely’ it’s important to stress we don’t mean the ‘Wednesday afternoon go-slow’ your laptop experiences from time to time. 

We mean really strange behaviour. For example, your mouse cursor moving of its own free will or random flickering on your monitor. Both of these things could indicate something much more serious is going on.

What to do: If you do notice your device behaving strangely, it’s time to call in the experts. Disconnect your device from the internet, power it down and turn your router off. Although these steps won’t undo the breach, they will at least stop hackers inflicting any damage before you get expert help. 

Internet searches being redirected

We mentioned earlier that most hackers are interested in making money, and stealing isn’t the only way to do it. An easier, far less risky, way for cybercriminals to make a fast buck is to redirect your browser searches somewhere you don’t want to go. By redirecting your searches to another website (often the site owner has no idea the site is being used this way) the hacker gets paid for your clicks. 

What to do: If your internet searches are being redirected then there’s a high chance you’ve also got bogus toolbars and software installed on your device. Simply follow the same process we outlined earlier for software and that should fix things. 

Changes to your security settings

Cybercriminals are clever, but that doesn’t mean they’re above crude tactics. And top of the list of ‘obvious but effective’ hacker tactics is turning firewalls, ad blockers and anti-virus tools off.

Keep a close eye on your security settings. If something is turned off that shouldn’t be, it’s most likely just down to human error. However, it’s well worth switching it back on and seeing what happens. If the same thing happens again, it could mean you’ve been hacked.

What to do: By far the best thing to do is back up any files that aren’t already and do a complete system restore. There’s no telling what has happened without expert help, so the first step should always be a complete reset of any affected devices. 

Confidential data has been leaked

Of all the warning signs on this list, discovering confidential company information has been found in an online data dump is the most obvious. Unfortunately, it’s also very tricky to fix.

What to do: The information is already out there, so your actions need to be more about reputation management and preventing it from happening again, rather than addressing the immediate problem. If the worst should happen, it’s time for a full audit of your security procedures, policies and infrastructure. 

Defence starts with prevention 

It might sound cliched, but the best cure for being hacked really is prevention. Relying on anti-malware tools will only get you so far. The real gains are to be made in ensuring you have clear security protocols that prevent common mistakes, using tools like encryption and two-factor authentication, and checking company devices continually. 

Don’t wait until one of these warning signs appears. Instead, think of cybersecurity as you would office security. The more often you check doors and windows are properly locked and know exactly who has access to the keys, the less likely you are to suffer a break-in. Why should your cybersecurity be any different? 

Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.

CTA button

Remote working best practices: what makes a strong password?

Still using the password you conjured up for your first email account in 2002 featuring your favourite footballer? We hope not. Passwords play an absolutely essential role in the security of your company and weak passwords are some of the easiest way for hackers to breach your cyber defences through employee accounts.

In this article we’ll be sharing advice on how to avoid this common, but easily avoided, security pitfall.

Minimum password length for systems

For all password-protected systems, your business should try to follow these basic steps when configuring them:

  • The minimum length for a password should be at least 8 characters including all alphabets, symbols, and numbers.
  • There should be no maximum password length.
  • The system should not allow the user to set a password that does not meet the minimum length requirements for it.

The requirements mentioned above are simple to understand but can be difficult to implement. It is important to note that these rules need to be established across all password-protected devices and software.

To meet this requirement, you need to consult with your IT manager to ensure that all devices and software (whether third-party or proprietary) enforce the minimum password length.

Enforce a secure password policy

A password policy is used to establish the rules and requirements for setting passwords. Creating a secure password policy for staff helps businesses protect themselves and allows them to meet the password requirements under the government’s Cyber Essentials certification scheme.

The goal of a password policy is to take away the burden of individual users to create solid passwords. However, users should still be made aware of the password policy so that they pick sensible passwords for their email, devices, and other accounts.

Other than the minimum password length requirement mentioned above, your employees should:

  • Avoid obvious passwords that can be easily discovered or guessed such as their name, phone number, birthdays. That goes for your pet’s name too.
  • Not choose common passwords such as the ‘abcdefgh’, ‘12345678’. This can also be implemented through a blacklist that prevents users from keeping common passwords.
  • Memorise their passwords instead of recording them whenever possible. Don’t email them to yourself or keep them in your Notes.
  • Not use the same password for different accounts. 45% of Brits have the same password for half of their online accounts. Not great.
  • Use password management software or other secure mechanisms for storing and retrieving passwords.
  • Require the system to:
    • Protect against brute-force password guessing algorithms by locking accounts after a set number of unsuccessful attempts to enter the password.
    • Change default or common passwords to random non-guessable passwords.

If you want to see how long it would take a computer to guess your current passwords, check out HowSecureIsMyPassword.


Ensuring the use of strong passwords is a key step towards becoming digitally secure. 

CyberSmart helps businesses comply with Cyber Essentials by simplifying the process of compliance for them including complying with password regulations. If you would like to learn more about how to implement a password policy for achieving Cyber Essentials, get in touch with us.

Small businesses at risk of multimillion pound fines for breaking GDPR rules

A new survey has revealed many small business owners are still clueless about GDPR. The results suggest small businesses could be in breach of GDPR without even realising it, as half of the participants appeared confused when answering questions surrounding data protection and privacy regulations.

A worrying 4/10 didn’t know that losing paperwork could be a data breach, or that emailing or faxing personal details could potentially be breaching data regulations also.

Are you being extra careful when sending that email?

Scarily, 45% of businesses did not know that the ICO (Information Commissioner’s Office) needed to be informed when data was breached and individuals’ rights were affected. It also showed they were unaware and failing to ensure confidential paperwork such as signing in and visitor’s books were kept in a protected environment.

It’s essential as a business owner you stay well informed and aware of GDPR and data protection to ensure you continue to create trust in your employees and consumers. By staying up to date with the changing data laws, you will show that you are consistent in protecting personal and private information.

Breaking GDPR is easily done within a business – it’s as simple as storing files with personal data outside of a defined structure. Many SMEs are digitally renovating their businesses with more intricate technology, however, this essential move is increasing their exposure and vulnerability for cyber-attacks.

The fact that new threats are constantly evolving and developing – and 43% of cyber-attacks are aimed at SMEs – highlights the lack of knowledge surrounding GDPR. Small businesses now need to look at investing more time in digital security. This will not only prevent any future attacks but show that you are being proactive with your digital approach.

What can you do?

By maintaining your security and safeguarding your business, you are able to protect your organisation long term. Utilising Cyber Essentials, Cyber Essentials Plus and IASME GDPR Readiness certifications, which are compliant with the Data Protection Act (2012), you can ensure that you are prioritising your business and data while giving your employees and consumers that added assurance.

Safeguarding your data should be your priority. Considering crisis incidents such as extortion, cyber attacks, and industrial espionage are just a click away, it is critical that SMEs assess their ability to survive a cyberattack, and there are steps to take to prevent and manage this if the worst were to happen.

How confident are you that your business is fully compliant?

Data privay toolbox

Securing the links in your supply chain to prevent cyber attacks

Cyber attacks happen virtually every day, and the impacts data breaches can have on SMEs can be catastrophic. Falling foul of GDPR legislation  can result in fines, loss of trust in your company and ultimately loss of revenue – so it pays to be compliant. 

However, what about the other organisations in your supply chain? Do they require access to your data or systems? Could your security become compromised as a result? While you might have the right cyber essentials in place, can you say the same about your suppliers? These are just a handful of questions all company decision-makers should be asking. 

Supply chain attacks: a history 

Supply chain attacks are nothing new. In fact, one of the largest data breaches in history (when the US-based retailer Target had the credit/debit card information of up to 40 million customers stolen) happened when the firm’s POS system had been infiltrated via malware that came via a supplier. In 2013, attackers used the “trusted” connection between the supplier and Target’s system to gain easy access. 

Putting appropriate controls in place 

All SMEs should understand the risks suppliers may pose and should ensure the supply chain is subject to the appropriate security controls. A good starting point would be to request all suppliers show evidence of having attained “Cyber Essentials” certification – the UK’s recommended security standard. However, this might even be insufficient for high-risk suppliers, who need to go one further and get “Cyber Essentials Plus” accredited.

Mitigating against risk 

As a company, you need to decide which controls you insist upon your suppliers having before you decide to continue doing business with them. If suppliers are unwilling or otherwise unable to comply with these requests, you need to consider whether you can put procedures in place to protect your data that allow you to continue forging a working relationship with them. 

Cybersecurity is one of the biggest threats faced by SMEs in the UK today, and its impacts on every entity within a supply chain, from top to bottom, are far-reaching. It’s therefore imperative for all elements of the supply chain to work together to maintain the strictest possible security measures. 

Find out more 

If you’d like to know more about Cyber Essentials certification or are concerned that your business might not be adequately protected against supply chain cyber-attacks, why not contact Cybersmart today? A member of our team will be happy to discuss your requirements or arrange a security audit of your current systems. 

How investing in cybersecurity can boost your success

There’s no doubt we live in a digital world, and most businesses realise the danger they face if they fail to get on board with the latest trends. After all, few companies, if any, lack an online presence. That means much of small businesses’ data is stored on hard drives in local computers and servers in the cloud. Therefore, it’s time you took measures to ascertain the integrity and security of your company’s data because as most organisations are starting to realise, cybersecurity is the key to fast business growth in the digital era. How? 

It helps you outsmart the competition 

Hackers are opportunists. The recent ransomware attacks we have seen plaguing national and international companies and institutions such as the NHS are a menace, with cybercriminals looking for any means possible to gain access to sensitive data. Considering that most companies have a digital presence, this means attacks are simply growing as hacking software becomes more sophisticated. As such, clients are increasingly looking for this reassurance from companies they do business with, meaning that offering robust cybersecurity is increasingly being used to outsmart the competition while safeguarding your data

It makes threats less likely 

Most companies are turning to cloud technology because it has been deemed the most secure, and it enables collaboration on a global scale. In the cloud, companies can access their data from anywhere in the world and share it with key stakeholders. However, to appreciate the power of cloud technology, it’s essential to plan carefully and invest in professionals who can optimise the technology for utmost security. Without these resources, your company stands to receive threats like denial of service, data breaches, management of remote identities, or insecure external applications, which can damage your company’s reputation and hamper its success. 

It demonstrates compliance 

Following best practice and industry standards for cybersecurity is essential if your company is to be trusted by current and prospective clients, and if you are to hold a commanding position in your market. Failure to comply with modern cybersecurity and data privacy standards like Cyber Essentials and IASME GDPR Readiness doesn’t just place your business and your client data at risk, it also means you could be landed with a heavy penalty for any breaches that could stunt your company’s development. These regulations have been established to protect and prolong the existence of SMEs like yours, as well as their stakeholders, so remaining compliant is critical. 

Investing in cybersecurity is essential to the growth of your business. By neglecting it, you not only hinder the development of your company but also place it at risk of irreparable damage. 

What’s more, investing in cybersecurity now can give your company the leverage it needs to innovate for the future.