9 signs your business has been hacked and what to do about them


It’s the stuff nightmares are made of. What started as another mundane Monday afternoon has suddenly morphed into one of your worst-case scenarios.  Your business has been hacked.

The scariest part is that you may not even notice. If you’re lucky, you may receive a ransomware notification or a good samaritan might inform you but often the telltale signs of a breach are more insidious. Here’s how to spot and tackle them.

9 warning signs you’ve been hacked –  and what to do about them

Unexpected changes to files 

Many modern businesses allow for organisation-wide access to documents and real-time editing. Think tools like Google Docs or your Microsoft 365 package. Telling the difference between colleagues’ tracked changes on that ten-page report you wrote and more nefarious activity can be tricky. But it’s not impossible. 

Look for revisions outside of what you’d normally expect. For example, document name changes, or files that have been mysteriously deleted. Like fingerprints at a crime scene, all of these could point to a hacker’s presence.

What to do: To keep the hackers at bay, start by changing all company passwords, installing encryption software and double-checking everyone is following your security policy. If the problem persists, consider speaking to an expert.

Spam emails sent from company email accounts 

No one likes spam. It’s annoying and nothing turns off a prospective customer more quickly than a deluge of unwanted emails. But if you suddenly start receiving complaints from customers or unsubscribe numbers start climbing, it’s also a sure sign you’ve been hacked. 

What to do: Keep a close watch on your outgoing emails. It’s likely your marketing team are already tracking emails for key metrics, so ask them to keep an eye out for anything that looks out of place. On an individual level, regularly check the sent folder in your emails for messages that you don’t remember sending or look spammy. 

If you do discover something’s wrong, follow the steps we outlined above for file changes. 

Secure your business today. Get Cyber Essentials certified.

Unusual financial activity

It’s generally known that most hackers are out for one thing: money. So one of the most important places to regularly check is company bank accounts.

Check business statements regularly for unusual withdrawals or payments from your account. If you do spot anything, there’s a very real chance you’ve been hacked. And, remember, cybercriminals won’t necessarily steal large amounts. One of the most successful small-scale hacks of recent years involved a cybercriminal stealing from multiple businesses, a few ill-gotten cents at a time. 

What to do: If you do find irregularities, change passwords for all company accounts, turn on transaction alerts and contact your bank – most will reimburse any stolen funds.

Unwelcome installations

It can be difficult to keep track of the various tools and software everyone within your business has installed. This is particularly true in the frenetic world of an SME or startup.

Nevertheless, there’s a big difference between the tools your people need and unwanted software no one remembers installing. Sometimes this software is completely harmless. We all accidentally install a browser add-on now and then. However, there’s also a chance that if someone doesn’t remember installing something, it’s been added remotely by a cybercriminal.

What to do: The fix for unwelcome installations is a simple, but time-consuming, one. Perform regular checks on the software and toolbars in use on all company devices. And, if you find any applications that look strange or aren’t in use, uninstall them. 

Random pop-ups

Like it’s equally irritating cousin, spam, we all hate pop-ups. We hate them so much that more than 600 million devices (or 11% of all the devices in the world) are currently using an ad blocker.

However, there might be something more to the pop-ups you’re seeing than an annoying sideshow. If you’re getting popups from websites that wouldn’t usually generate them – particularly, reputable ones – it could indicate your system has been compromised. 

What to do: Unfortunately, there’s no quick fix for this problem. The best way to clean up your systems is to manually delete any software or toolbars you haven’t installed yourself (see above). At this point, it’s perfectly acceptable to let out a long sigh. 

Company devices behaving strangely 

When we talk about ‘devices behaving strangely’ it’s important to stress we don’t mean the ‘Wednesday afternoon go-slow’ your laptop experiences from time to time. 

We mean really strange behaviour. For example, your mouse cursor moving of its own free will or random flickering on your monitor. Both of these things could indicate something much more serious is going on.

What to do: If you do notice your device behaving strangely, it’s time to call in the experts. Disconnect your device from the internet, power it down and turn your router off. Although these steps won’t undo the breach, they will at least stop hackers inflicting any damage before you get expert help. 

Internet searches being redirected

We mentioned earlier that most hackers are interested in making money, and stealing isn’t the only way to do it. An easier, far less risky, way for cybercriminals to make a fast buck is to redirect your browser searches somewhere you don’t want to go. By redirecting your searches to another website (often the site owner has no idea the site is being used this way) the hacker gets paid for your clicks. 

What to do: If your internet searches are being redirected then there’s a high chance you’ve also got bogus toolbars and software installed on your device. Simply follow the same process we outlined earlier for software and that should fix things. 

Changes to your security settings

Cybercriminals are clever, but that doesn’t mean they’re above crude tactics. And top of the list of ‘obvious but effective’ hacker tactics is turning firewalls, ad blockers and anti-virus tools off.

Keep a close eye on your security settings. If something is turned off that shouldn’t be, it’s most likely just down to human error. However, it’s well worth switching it back on and seeing what happens. If the same thing happens again, it could mean you’ve been hacked.

What to do: By far the best thing to do is back up any files that aren’t already and do a complete system restore. There’s no telling what has happened without expert help, so the first step should always be a complete reset of any affected devices. 

Confidential data has been leaked

Of all the warning signs on this list, discovering confidential company information has been found in an online data dump is the most obvious. Unfortunately, it’s also very tricky to fix.

What to do: The information is already out there, so your actions need to be more about reputation management and preventing it from happening again, rather than addressing the immediate problem. If the worst should happen, it’s time for a full audit of your security procedures, policies and infrastructure. 

Defence starts with prevention 

It might sound cliched, but the best cure for being hacked really is prevention. Relying on anti-malware tools will only get you so far. The real gains are to be made in ensuring you have clear security protocols that prevent common mistakes, using tools like encryption and two-factor authentication, and checking company devices continually. 

Don’t wait until one of these warning signs appears. Instead, think of cybersecurity as you would office security. The more often you check doors and windows are properly locked and know exactly who has access to the keys, the less likely you are to suffer a break-in. Why should your cybersecurity be any different? 

Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.

CTA button