How to Know if You’ve Been Hacked

It seems like every day, there’s a new headline: a company has been hacked, exposing its data and the data of millions of its customers.

Small business are no exception: surveys show that up to 80 percent of small businesses have been hacked, often because business owners do not prioritize cybersecurity.

What’s at stake? In some cases, getting hacked is just a minor nuisance. In others, your entire business could be held hostage by a cyber terrorist looking for a ransom payment.

So how do you know if you’ve been hacked, and how can you protect yourself from hackers? Steve Jaffe, co-founder and active partner of eDot, LLC, a large managed services provider in the Chicago area, offers some tips and advice.

Understanding what it means to be hacked
Being hacked means that someone (via remote access) has gotten through your computer or your network security and is able to operate within your computer. Once inside your system, they can access your data, emails, and contacts.

Hackers often gain access to systems through spam emails. While much of spam is caught through spam filters, some can still get through and look like a legitimate email from a company you use. Other emails, called spoof emails, look like they come from people you know or work with.

These emails make every effort to get you to click a link on the page, perhaps by saying they are from Amazon and your order was held up, or they are from Microsoft and need you to verify your account.

Clicking on these links can result in malware, ransomware that locks up your computer until you pay ransom, or stolen data.

How can you identify whether these emails are real? The first step is to call your IT person. You can also move your cursor (but do not click) over the link and look at the web address that pops up. If it’s an illegitimate email, a strange address will appear. You can also call the company to confirm that they sent you the email.

For spoof emails, check the return address. If it’s a spoof, it won’t be the correct address of the person you know.

How to prevent getting hacked
While you can’t prevent your name or e-mail from being spoofed by others, there are steps you can take to reduce your susceptibility to being compromised.

• Install necessary protection licenses on your computer. Make sure the virus definitions are always up to date.
• Install a content filtering program.
• Ensure your company has a geo fencing filter on your firewall.
• Check your rule set in your mail program to ensure that there are no rules that you did not implement (especially ones that auto send and auto delete).
• Use a complex password that is a minimum of 10 characters in length. Change it frequently.
• Train your team. Conduct a class on how to identify bad e-mails (for yourself or for your company).
• Review your company security protocols to ensure they are current.
• Confirm that your firewall has no open ports.
• Implement a multi-factor system for remote users.

If you get hacked
If you do happen to click on a link or fill out a form you shouldn’t have, take these steps:

• Change your password immediately
• Run all your available malware/ransomware programs for viruses
• Check your e-mail rules
• Do not rush to e-mail the entire world that you were hacked and to not open e-mails from you
• Tell your IT department and await their instructions

These extra steps might seem like a nuisance, but they can provide the very protection you need to protect your business, employees, and customers from getting hacked.

Adapted from an article written by Steve Jaffe, co-founder and active partner of eDot, LLC, a large managed services provider in the Chicago area.