This month is Cyber Security Awareness Month, with week one focused on this question: have you been hacked? We will look at the top 5 signs your organisation’s network may have been breached and what actions you need to take next.

Excessive attempts to connect with your domain

Although we know that the internet can be hit and miss, particularly in remote or high-traffic areas, it can be an indication you’ve been hacked. One of the first signs is excessive attempts to connect with a domain account, for which multiple password retries have been logged. In layman’s terms, you’ve tried to log in multiple times and it’s not working.

Strange or suspicious messages

Oftentimes, messages which may appear legitimate are not. However, there are a few clues to help you know whether what you’ve received is real or a phishing attempt. These include the grammar and spelling, and the email address it’s been sent from. There may not be links in the initial email, but a request for help or a general response after which they will have the “in” they’re looking for. Remember, these can come from outside sources such as business contacts, or they can come from an internal member.

Unusual network traffic

If you can’t see it, you don’t know it’s happening. This is one of the biggest cyber security risks an organisation can have. If you don’t already have a cyber security specialist or program to monitor your network traffic, you need to get on it pronto. For hackers who know what they’re doing, it’s pretty easy to jump into your network undetected and from there, gain access to applications and data or plant malware into your system.

Slow computer or network

Is your computer or network going at a snail’s pace compared to normal? If there’s no reason it should be (such as previously advised network maintenance), it could be a sign you’re dealing with a data breach or malicious software. The transference of large files outside of your network and hidden malware both take a lot out of your computer or network, so don’t just ignore it as “one of those days”. Take your concerns up the chain of command, because it’s better to be safe than sorry.

Unusual computer activity

Sometimes your mouse cursor will move of its own accord, your monitor might flicker randomly, or your webcam light might turn on and off. Often this is just due to hardware problems, however, it can be a sign you’ve been hacked. Although not as common as other attacks, hackers will sometimes break into your computer and wait for it to be idle before trying to further their efforts.

These are of course only a handful of indicators you’ve been hacked. Without exploring them further, some other indicators include:

• Frequent, random popups
• Unexpected software installs
• You receive a ransomware message
• Your social media accounts send invitations or messages that you didn’t send
• Your account is missing money

What actions you need to take next

If you’re experiencing any of the above, or other suspicious activity, what are the steps you need to take? The very first thing you should do is take your concerns up the chain of command, for example, your manager, IT department or cyber security specialist. These people will have the ability to pass your concern onto the relevant team or will have the skills needed to investigate further.

Once you have the relevant internal stakeholders aware of the situation, the following steps are recommended:

Report it: if it is determined you’ve been hacked, head to the Australian Cyber Security Centre’s website and report it. By doing so, you will help them to track, investigate and prevent further attacks.

Multi-factor Authentication (MFA): make sure you have the appropriate level of multi-factor authentication set up for your organisation. This extra level of protection will help stop hackers from being able to get into your network so easily.

Password management: aside from MFA, ensuring you have a solid password management policy is essential. Recently, the Intercontinental Hotels Group (IHG) was hacked with a significant amount of data destroyed thanks to their easily found and weak password, Qwerty1234. It’s important that all staff don’t use such simple passwords, and that they’re required to change them regularly.

Anti-virus software: most people and organisations are pretty good when it comes to ensuring anti-virus software is installed on their computers, but sometimes we think it’s okay to ditch it in an attempt to save money. Particularly if you’re a small organisation still struggling after Covid, you may have decided to just be more aware instead of forking out the money for extra software. What people don’t take into consideration is the cost of a cyber-attack. It’s better to be out of pocket a little now, than the significant chunk an attack would take.

Third-party software: in terms of network traffic, sometimes it can be much easier to bring in another organisation to monitor and deal with any potential breaches in your network. Again, although this costs money, sometimes it’s better to pay it now than later, particularly if you’re part of the critical infrastructure industry.

Internal specialists: perhaps one of the most important steps you can take is to ensure you have in-house cyber security specialists. That way, you will have someone constantly monitoring your computers and networks on standby in the event you are hacked. The Australian Government currently has funding options available for businesses looking to upskill or reskill current employees, so now is the perfect time to implement this step if you haven’t already.

Don’t take your cyber security lightly. If Cyber Security Awareness month and the recent Optus breach can teach us anything, let it be that we need to be proactive, not reactive.