5 Signs Your Business Has Been Hacked


aking - something all businesses hope to avoid, yet something that happens every day all over the world. Unfortunately, businesses lose money, data, and more when hackers gain access to online accounts and tools.

In addition to causing an expense to the business, hacking also can damage your reputation. As a consumer, you’ve probably been cautious interacting with a business after it’s been hacked. As a business, even your most loyal customers will have those same doubts about your service after a hacking. This is why you need to take proactive steps to avoid these breaches and protect your customers’ trust. Prevention is always more effective than the cure.

In this guide, we’re going to cover both. While the first half deals with signs that your business has been hacked, the second half will tackle the aftermath of a hacking. What should you do? How can you deal with such an event?

Signs Your Business Has Been Hacked

The importance of a proactive approach should never be understated, and we appreciate that you’re reading this article as a precautionary measure. Sadly, a large percentage of businesses that suffer data breaches and other hackings don’t understand the seriousness of the issue until it affects them. In reality, one study suggests that over 60% of all SMEs (small- and medium-sized enterprises) have suffered a data breach.

With a proactive approach, you’re able to spot potential problems and limit the damage. Considering your money and reputation are on the line, as well as the data of loyal customers, it’s good to know the common signs that your business has been hacked.

1. Strange Behavior on Office Computers

First, your employees might notice some strange behavior on their computers. For example, this could include the following:

  • Cursor not acting as expected (or moving by itself)
  • Antivirus warnings
  • New programs or toolbars in browsers
  • Pop-ups

Make sure your employees know that these are all signs of hacking. Also, ensure that they don’t try to regain control of their computer. Often, the hackers are actually relying on users trying to take back control because it allows them even deeper access. When your employees spot any of these issues and are suspicious, instruct them to contact the IT team or external specialists.

2. Problems with Login

Sometimes, our mind goes blank and we forget the password to our important accounts. However, if a specific program isn’t allowing employees to log in even if they’re adamant they have the right password, this is another sign of potential hacking. If employees can’t access an account, this could be one of two things:

  • A cyber-criminal has accessed the account and changed the password
  • A cyber-criminal has tried to access the account and locked it because of the failed password entry attempts

In either case, this isn’t an ideal scenario, and you should seek help from the IT team. Again, for those who don’t have IT teams in the business, have an external service on speed dial for these very occasions.

3. Unusual Account Activity

In particular, hackers seem to be targeting ad accounts recently, and one of the best ways to spot a problem is by reviewing all activity on the account. Do you see unauthorized ad campaigns? Has the budgeting changed on existing ad campaigns? Thankfully, most ad platforms (and other programs) now list all activity. Therefore, we have an opportunity to check the activity and spot unauthorized actions quickly.

We also recommend looking through the devices that have accessed the account and reviewing all activity. You might spot a device not owned by the team and this may be the hacker in question.

Additionally, unusual account activity could be emails sent to customers from your team’s mailbox. If you’re getting concerned calls from customers, it could be that the hacker used your email account to send thousands of emails - some to your existing customers.

4. Poor Network Performance

Of course, we don’t want businesses to panic as soon as their network slows down. This being said, you should be wary if performance is much slower than normal for a prolonged period - especially if not many people are accessing the network. A slow network is sometimes a sign of a virus, malware, or even that the hacker is transferring files right at that very moment.

5. Changes to Files

Finally, you might notice changes to files on the computer. When hackers leave a network or account, they may delete or change files to cover their tracks and avoid detection. At all times, your business should monitor important system files because, if you don’t, a hacker may access your account and leave again without the business noticing for quite some time. The longer it takes for you to spot the problem, the harder it becomes to recover.

Dealing with a Hacking - Important Steps for Recovery

It’s a horrible feeling sitting down at your desk first thing in the morning and realizing that a hacker has accessed important documents. A gnawing sensation grows in the pit of your stomach as you scroll through social media comments or notice that your ad account has spent thousands more than expected overnight.

If you’re too late for the proactive stage, this next section will help you to recover after a hacking.

Step 1 - Change Passwords

Before anything else, you need to ensure that the hackers don’t come back. To do this, secure all your accounts by changing the passwords. If possible, have the whole team changing the passwords for all programs and tools used by the business. If the hacker accessed one thing, you can’t be sure they don’t have access to more (or at least won’t try to access more!).

If the hacker posted to social media, set the account to private while you start the cleanup operation. For now, don’t use any sort of password manager because the hacker could have access to this (and therefore all the new passwords too).

Step 2 - Assess the Damage

Once you’re sure the business is secure, you can now investigate the damage. While some businesses do this internally, others will outsource to IT specialists for extra security. If your ad account was hacked, contact the relevant platform whether this is Facebook, Google, or another provider. If the hacker spent money using your account, you’ll need to contact the platform to avoid paying the associated large fee while canceling all campaigns immediately. Normally, they will start their own investigation and you won’t have access to campaigns until the conclusion of this research and analysis.

Check account activity, device history, IP addresses, emails, and more for clues of how the breach occurred.

Step 3 - Look for Malware

During the pandemic, many workers are performing their jobs from home, and this makes it difficult to track devices. Though challenging, you’ll need to sweep all devices that have accessed company tools and platforms online. In addition to computers, don’t forget tablets, phones, and even smartwatches. Accessories to check include USB drives, IoT devices, and printers. We recommend checking everything for malware because it’s better to be safe than sorry.

Step 4 - Start the Repair Process

In truth, this means something different for each type of hack. If your ad account was hacked, Facebook or Google will investigate and attempt to secure your account again. If you suffered a data breach, the only way forward is honesty and clear communication. The public needs to know about the breach, so you can’t just sweep it under the carpet or hope that nobody notices.

If the data breach is serious, customers may need to freeze their cards and other payment methods while also changing their passwords for your own platform (if applicable). When advising of a breach, provide them with resources so they know how to protect themselves during this vulnerable time.

While the investigation continues, and you recover from the breach, keep a clear path of communication with customers. Even if you fail to regain the trust of some customers, it’s better to be honest through the whole process and respect the needs of these people throughout.

Step 5 - Prevent Another Hacking

Finally, you’ll need to introduce measures to ensure that another hacking doesn’t take place. Tips to prevent hacking include:

  • Limiting account access to those who really need it - remove permissions for ex-employees and anybody who doesn’t need it.
  • Use two-factor authentication so that hackers can’t access accounts even if they have the password.
  • Change passwords frequently and use symbols/characters to increase the strength of all passwords.
  • Team up with services and tools to increase the security of your business. For example, OhNoo by Trapica monitors your ad account to protect against external hackers and internal mistakes.
  • Choose a proactive approach and regularly look for the five signs listed in the first half of this guide.
  • Encrypt customer data and only allow employees to use certain devices to access business accounts.

With these tips, it’s possible to keep your business (and your customers) safe both now and in the future.