Have I been hacked

Have I been hacked? Advice for small businesses

If your business is online – whether you have an email account, website, social media profiles, or access the internet in any other way – then cybersecurity needs to be on your radar.

Just because your business is small, sadly that doesn’t mean you’re not a target. In fact, small businesses are subjected to around 10,000 attacks every day, with the average cost of a successful attack coming in at £1,300. (Not to mention the damage that can be done to reputation).

Oh, and there’s the small matter of the General Data Protection Regulation (GDPR) too, which means companies now have an obligation to report a data breach within a set timeframe and to ensure their systems are ‘secure by design’.

From phishing emails, to invoice fraud and distortion, attacks nowadays are increasingly sophisticated, seeking out weaknesses in a system they can exploit. What makes the whole process even more tricky, is that an attack won’t always be obvious.

So, how can you tell if your business has been the victim of a cyberattack?

Here are some of the telltale signs to look out for.


4 signs your business may have been hacked


You’re locked out of your systems

Being held to ransom is one very obvious sign of a breach. Ransomware can result in your systems being locked and your data encrypted. If this happens, you are likely to receive a message asking you for money in order to get your systems restored.

One stat suggests two-thirds of companies who have fallen victim to such an attack end up paying out, but this is no guarantee of a happy ending. Only half of those who pay go on to recover their data, with the other half completing losing it all.

So, what can you do about it?

As well as doing all you can to ensure your cyber essentials are covered, you need to have a disaster recovery plan in place. This should include making regular, full system backups that are held securely, away from your main systems. It’s a good idea to test these backups are working too, rather than discover there’s a problem when you really need them.


Money is missing from your account

Whatever type of cyberattack you may be subjected to the goal of the criminal behind it will almost always be money. One awful way to discover you’ve been the victim of a successful attack is to find a chunk of money missing from the company account. You may also notice other unusual account activity. For example, smaller amounts being siphoned off that are going under the radar.

Check you’re always on top of all the financial transactions taking place in your account. Again, use strong passwords, 2-factor authentication wherever possible and strictly limit access to the company account details and any credit cards and other payment methods you may have.

Check accounting systems and software are up to date and secure, including the systems used by any third parties who may be involved on the financial side.


Passwords have stopped working

It’s common for hackers to try and take control of core business accounts and platforms, such as emails and social media profiles, so they can exploit them. If they manage to gain access, then they are likely to change the account password to keep you out, which is why your passwords suddenly not working can be one sign there’s a problem!

Once criminals have access, they may use your account to send fraudulent or damaging messages to all your contacts. For example, sending messages that include links to malicious malware, or asking to change the payment details for invoices. As it looks like it has come from within the business, the message has more chance of being opened and actioned.

If your password isn’t working and you haven’t changed it, then contact the relevant help desk or customer services as soon as possible. Start using 2-factor authentication where it is offered and use a password manager, such as Last Pass, to ensure all your passwords are hard to crack and aren’t replicated across multiple sites.

Remember, passwords are one of the easiest ways in for cybercriminals, so focus on making your company’s use of passwords as secure as possible. You’ll find some top tips here.


You’re being plagued by pop-ups or diverts

Malicious malware can cause may problems for businesses, including redirecting your internet searches and spamming you with endless pop-ups that manage to evade browser pop-up blocking mechanisms. You may even be presented with a fake anti-virus warning, encouraging you to click on a link or ring a helpline number – both of which should be avoided at all costs!

So, what can you do about it?

Look at the installed and active toolbars within your browser settings. Delete any toolbars you don’t recognise and if you’re not sure, consider resetting your browser to its default settings. Do the same thing in your main system’s programs list – review and check for anything unusual or that you don’t remember installing. And make sure your antivirus is up to date and all employees are aware of the risks, to try and stop anything malicious being clicked on in the first place.


How can I stop my business being hacked?

Along with the specific advice we’ve included above, here are some additional precautions you can take:

  • Ensure you have robust IT systems and processes in place, so you have a strong first line of defence
  • Get your cyber essentials covered, meaning you have thought about and taken precautions against the most common threats and ‘ways in’ that cybercriminals may try
  • Keep your antivirus software updated and make sure it is active on all devices the company may use, including phones and tablets
  • Accept system updates (which will often include patches for known problems)
  • Undertake regular staff training, as people are often the weak link in the system and everyone needs to be cyber aware
  • Get expert help to ensure your systems and processes are secure, fit for purpose and can adapt to the changing needs of the business, as well as evolve alongside the growing cyber threat



At Dragon IS, we make it simple. No jargon. No surprises. Just expert advice you can trust, backed by superior technology and outstanding customer service.

Whether you’re a growing business thinking about upgrading your IT system; you’re concerned about cybersecurity and data protection compliance; or you need specialist support with a specific IT challenge, we can help!

To arrange your free review, please get in touch on 0330 363 0055 or email lionel@dragon-is.com