To discover cyber criminals can be a challenge. After all, one of their focus areas is to not be discovered. There are, however, some signs you can be on the lookout for to discover if unauthorized people have looked at your data.
1. Abnormal user activity from accounts belonging to management
If you notice that login to accounts suddenly happens from other countries or at other times than normal, it may be a sign that something is going on. You should check this with the owner of your account. It is better to check one time too many, than too seldom.
2. More failed logins than usual
You should also take a closer look if you discover more incorrect logins than usual or that abnormally many user accounts have been blocked due to incorrect password. If you still have access to the account; make sure to change password straight away. Although it is no longer a recommendation to change your password regularly, it is a good idea to change password when you suspect something fishy going on.
3. Abnormal network activity
Do you see extremely many more DNS lookups than usual? This could, for example, be a bot network that communicates with the mother ship. You should look into this incident immediately.
4. Your passwords suddenly stop working
You should immediately contact the owner of the account in question, if this happens. This can be done through your company or by contacting the company directly. When you get your account back, you should immediately switch to a new password. Make sure this is extremely secure – feel free to use a sentence with both letters and numbers as the password.
5. Confidential data appears elsewhere than expected
Should you suddenly stumble upon confidential data on the Internet or other forums, it is important to act quickly. Unauthorized data becoming available can harm the company. Therefore, it is important to try to find the reason why the data ended up online and try to remove it immediately.
6. Have I Beed Pwned
There are websites where you can find out if your passwords have appeared in a password leak. Have I been pwned is one of these sites. If you receive a notification from this site, you should immediately change your password.
7. A third-party contacts you
If a third-party contacts you and informs you that they have received malicious e-mails from you, it is a sign that you have been hacked.
8. Your files/file shares are encrypted
Encryption is a mathematical method that ensures confidentiality by “locking” information so that it cannot be read by unauthorized persons. If information is suddenly encrypted and thus locked away, without you or one of your colleagues' knowledge, it is a sure sign of ransomware.
Contact us to learn more about how you can maintain high quality of your organization's IT-security!