Small businesses are targets for corporate cybercrime as much as the big corporations that garner all the headlines. In fact, small businesses are often hacked because they lack the robust network security of their bigger competitors.
Network security is one of the most difficult things to stay on top of as a small business owner. You need to dedicate resources towards it to avoid getting hacked, but it’s often difficult to find those resources. Which means you may need help.
The advantage of working with an IT partner like Avitus Group is that we can take care of your network security needs without you having to lift a finger. And you never have to worry about it because you know we’re taking care of things for you. However, in the meantime, here are some signs that hackers may have breached your company’s network security.
The most blatant sign that your company’s network security has been hacked is a ransomware notification or complete system shutdown. You will know when this happens because you will receive a notification or your system will lock you out. In this situation, it’s not so much about knowing that you have been hacked (that part is painfully obvious) as about having backups when it happens.
Depending on who hijacked your system, a ransomware attack can go a number of different ways. You pay the ransom and the hackers give you the key to unlock your system. You pay the ransom and the hackers ignore you. Or you don’t pay the ransom and overhaul your network using the backups of all of your data.
But what if you don’t have backups of all your data? Well, that’s where things get a bit sticky. You may have to pay the ransom (although many network security experts advise against it) and hope the hackers give you your data back. However, there is no guarantee with this approach.
For example, the hackers behind the WannaCry ransomware attacks have been less than forthcoming with keys to unlock data. Maybe if the attacks weren’t so widespread and the attention on them so magnified, the hackers might have felt safe enough to send out those keys. But they didn’t feel safe, and a lot of requests for keys went unanswered.
Again, with this one it’s not so much about knowing you have been hacked but about having the necessary disaster recovery procedures in place before a hack occurs.
2—Mysterious Activity from Executive Accounts
Hackers develop innovative technological means to infiltrate companies, yet some of the most effective tools they have are psychological and work on human nature.
We tend to trust messages from higher-ups at our companies, and we don’t tend to question activity in these senior leaders’ accounts. But everyone at your company needs to do both.
Email phishing campaigns target your employees’ natural tendency to trust their superiors. One of the best ways to find information, steal money or cause general mayhem is by hijacking the email accounts of company executives and then leveraging those accounts.
Think of someone in accounting getting an email from the CFO asking for a payment to a consulting firm, for example. The employee receives an email from the CFO’s account, written in the same style the CFO typically uses and requesting funds in amounts similar to other requests from the CFO.
It’s not hard to imagine someone in this scenario complying. If it were an email from a “Nigerian prince,” that would be another story. But this is a carefully crafted phishing campaign complete with insider information to lend credibility.
To protect your network, your employees need to be suspicious of any activity even remotely fishy. Account numbers don’t exactly add up? Call IT. Not familiar with the consulting firm the “CFO” wants to pay? Either contact the CFO or call IT.
3—Unusual Network Activity
Hackers are pretty sneaky, by nature, but they tend to leave breadcrumbs, if you know where to look for them. Unusual or increased network activity can be a sign that your company has been hacked.
Sudden spikes in outbound DNS traffic can mean systems on your network have become part of a botnet, a group of infected systems that use DNS names to identify servers and also other bots. The spike appears as your infected system seeks out others to infect.
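One way to check for the DNS spike described above, as an added example that is not part of the original article: it counts queries per client per minute and flags any minute far above that client's own median. The log format (`timestamp client query-name`), the thresholds and the sample data are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

def sample_log():
    """Constructed sample: two clients at 2 queries/min, then one burst."""
    start, lines = datetime(2024, 1, 8, 9, 0), []
    for m in range(10):
        for client in ("10.0.0.5", "10.0.0.9"):
            for s in range(2):
                t = start + timedelta(minutes=m, seconds=s)
                lines.append(f"{t.isoformat()} {client} mail.example.com")
    for i in range(58):  # burst of lookups for many different names
        t = start + timedelta(minutes=9, seconds=i)
        lines.append(f"{t.isoformat()} 10.0.0.9 h{i}.example.net")
    return lines

def dns_spikes(lines, factor=5, floor=20):
    """Return (client, minute, queries, distinct names) for each minute in
    which a client sent at least `floor` queries and more than `factor`
    times its own median per-minute count. Both thresholds are assumptions
    to tune against normal traffic."""
    counts = defaultdict(lambda: defaultdict(int))
    names = defaultdict(lambda: defaultdict(set))
    for line in lines:
        ts, client, qname = line.split()
        minute = datetime.fromisoformat(ts).replace(second=0, microsecond=0)
        counts[client][minute] += 1
        names[client][minute].add(qname.lower().rstrip("."))
    alerts = []
    for client in sorted(counts):
        baseline = median(counts[client].values())
        for minute, count in sorted(counts[client].items()):
            if count >= floor and count > factor * baseline:
                alerts.append((client, minute, count, len(names[client][minute])))
    return alerts

if __name__ == "__main__":
    for client, minute, count, distinct in dns_spikes(sample_log()):
        print(f"{minute:%Y-%m-%d %H:%M} {client}: {count} queries, {distinct} names")
```

A high distinct-name count alongside the spike is worth noting, since ordinary browsing tends to repeat a small set of names.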
The appearance of large unknown files on your network can be a sign of hacking activities. As the hackers are gathering and exporting data, some of the files may be large enough that someone at your company notices them.
A denial of service (DoS) attack, which is bad enough on its own, may be the cover for a deeper penetration of your system. It’s the classic Hollywood “we need a distraction” moment. While you deal with your website shutting down, the hackers orchestrate a secondary security breach.
Other signs include off-hours use of privileged accounts (i.e., accounts that employees need logins to use), unauthorized downloads, mismatched system logs, failed login attempts, large ICMP packets (ICMP is a protocol that network devices use to talk to each other) and unsolicited webcam activity (i.e., your webcam turns on even though you are not using it), among others.
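Two of the signs listed above, off-hours use of privileged accounts and failed login attempts, can be checked from an authentication log. The following is an added example, not part of the original article; the event format, the privileged account names, the business hours and the thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

PRIVILEGED = {"admin", "svc-backup"}   # assumption: your privileged accounts
BUSINESS_HOURS = range(7, 19)          # assumption: 07:00-18:59, Mon-Fri

# Constructed sample events: "timestamp user result", in time order.
EVENTS = """\
2024-01-08T10:15:00 admin success
2024-01-09T02:41:00 admin success
2024-01-09T02:50:00 jsmith success
2024-01-09T11:00:05 jsmith failure
2024-01-09T11:00:20 jsmith failure
2024-01-09T11:00:40 jsmith failure
2024-01-09T11:01:00 jsmith failure
2024-01-09T11:01:30 jsmith failure
2024-01-13T14:00:00 svc-backup success
"""

def review_logins(text, max_failures=5, window=timedelta(minutes=10)):
    """Return findings as (reason, user, timestamp) tuples.
    Expects events sorted by time."""
    findings = []
    recent = defaultdict(deque)  # user -> failure times inside the window
    for line in text.splitlines():
        stamp, user, result = line.split()
        ts = datetime.fromisoformat(stamp)
        off_hours = ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS
        if result == "success" and user in PRIVILEGED and off_hours:
            findings.append(("off-hours privileged login", user, stamp))
        if result == "failure":
            q = recent[user]
            q.append(ts)
            while ts - q[0] > window:      # drop failures older than the window
                q.popleft()
            if len(q) == max_failures:     # report once, when the limit is hit
                findings.append(("repeated failed logins", user, stamp))
    return findings

if __name__ == "__main__":
    for reason, user, stamp in review_logins(EVENTS):
        print(f"{stamp}  {user:<10}  {reason}")
```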
Signs of Network Security Breaches
If your company’s network security is compromised by ransomware, you will know it. At that point, it’s all over but the yelling and it’s just a question of how well you have aligned your disaster recovery measures.
Other tactics such as email phishing campaigns or multi-layered attacks, meanwhile, have grown sophisticated enough that they are difficult to detect. But you can detect them if you know where to look. You just need IT professionals on your side who know what to look for and can pass that knowledge on to your employees.
If you have any questions about cybercrime or are looking for some help with your company’s network security, please don’t hesitate to get in touch with us. Our IT professionals can take network security out of your hands and set your mind at ease.