More than half of all small to mid-sized businesses have been hacked at some point, according to Hartford Steam Boiler, and three-quarters weren’t able to restore all of the lost data.
The average company takes more than 200 days to detect a data breach, according to Ponemon Institute, which adds millions of dollars to the average cost of remediation. Companies are so bad at detecting data breaches that more than half (53%) are discovered by an external source, such as law enforcement, according to Mandiant estimates.
Let’s take a look at some common signs that your small business network may have been hacked, as well as steps that you can take to identify and address problems early on.
#1. Ransomware Messages
Ransomware messages and encrypted data are the most obvious signs that your network may have been compromised.
Ransomware attacks rose 363% during the first half of 2019, according to Malwarebytes, with an increasing focus on small businesses and municipalities. New ransomware variants have been successful in attracting bigger payouts from businesses and municipalities by making it impossible to retrieve files from infected machines — leaving them with few options.
The best way to respond to a ransomware attack is to immediately shut down and quarantine any infected devices and contact law enforcement to come up with a solution. While paying a ransom might work, there’s no guarantee that the criminals will actually decrypt the data, and doing so will only increase the frequency of these attacks.
#2. Phishing Emails
Suspicious emails from executives or employees are another sign that your network has been hacked.
Phishing emails account for 90% of data breaches, according to ReTruster. The most effective type of phishing, known as spear phishing, involves sending convincing emails from trusted sources whose accounts have been compromised or spoofed. These emails are the most common distribution channel for ransomware and other viruses and malware.
The best way to respond to phishing emails is to immediately change the password on the sender’s account to eliminate any possible unauthorized account access. It’s equally important to notify employees of the phishing attempt in case the emails were being spoofed (as opposed to being sent from a compromised account) and ensure that nobody takes the bait.
#3. Network Slowdowns
A sudden slowdown in the network could indicate that it has been compromised by a botnet or similar attack.
Botnets commandeer networks to send malicious or spam emails, as well as conduct distributed denial of service (DDoS) attacks. In these cases, you may notice a sudden spike in DNS traffic or a network slowdown. You may also see an increase in ICMP packets across the network. ICMP is the protocol that network devices use to exchange error and diagnostic messages, such as ping.
The best way to respond to unusual network activity is to immediately launch an investigation to determine the cause. If there’s a breach, you may need to power down the network, identify the infected devices and clean them before any data is lost or stolen. You should look at network logs to ensure that the malware didn’t affect other parts of the network.
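One way to spot the DNS or ICMP spike described above is to compare each host's per-minute packet count against that host's own baseline. The following is an added example, not part of the original article; the log line format, the addresses and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

def build_sample():
    # Constructed traffic summary, one line per packet: "<HH:MM> <source_ip> <protocol>"
    lines = []
    for minute in range(10):
        stamp = f"09:{minute:02d}"
        lines += [f"{stamp} 10.0.0.21 DNS"] * 4                            # steady workstation
        lines += [f"{stamp} 10.0.0.35 DNS"] * (5 if minute < 8 else 300)   # spike from 09:08
        lines += [f"{stamp} 10.0.0.35 ICMP"]                               # normal ping traffic
    return lines

def find_spikes(lines, factor=10, floor=50):
    """Return (minute, ip, protocol, packets, baseline) for every spike.

    A minute is a spike when its packet count is at least `floor` and more than
    `factor` times the host's median per-minute count (both thresholds assumed).
    """
    counts = defaultdict(lambda: defaultdict(int))   # (ip, protocol) -> minute -> packets
    for line in lines:
        stamp, ip, proto = line.split()
        counts[(ip, proto)][stamp] += 1
    alerts = []
    for (ip, proto), per_minute in sorted(counts.items()):
        baseline = median(per_minute.values())
        for stamp, packets in sorted(per_minute.items()):
            if packets >= floor and packets > factor * baseline:
                alerts.append((stamp, ip, proto, packets, baseline))
    return alerts

if __name__ == "__main__":
    for alert in find_spikes(build_sample()):
        print("spike:", alert)
```

Using the median as the baseline keeps a short burst from raising the baseline that it is measured against; the `floor` keeps quiet hosts from alerting on tiny absolute changes.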
#4. Account Abnormalities
Locked accounts and/or off-hours activity in privileged accounts are two other signs that your network has been hacked.
Locked accounts are a sign that criminals may have attempted brute force attacks to break into user accounts. With more than 80% of data breaches arising from poor passwords, there is a good chance that they were successful in compromising at least a handful of user accounts. Off-hours activity in privileged accounts is a particularly concerning sign.
The best way to respond to account abnormalities is to force a password reset across all users, as well as review the network logs to see if there are any abnormalities. You should also ensure that all users have the correct permissions and consider resetting permissions across all users in case a handful of them have greater permissions than they require.
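The log review described above can be scripted. The following is an added example, not part of the original article, that scans authentication events for lockouts, off-hours logins to privileged accounts, and successful logins from an address that earlier caused a lockout. The log format, account names, addresses and business hours are all assumptions.

```python
from datetime import datetime

# Constructed sample events: "<ISO timestamp> <event> <account> <source_ip>"
SAMPLE_LOG = """\
2019-09-03T09:12:44 LOGIN_OK jdoe 10.0.0.21
2019-09-03T23:41:02 LOGIN_FAIL asmith 203.0.113.7
2019-09-03T23:41:05 LOGIN_FAIL asmith 203.0.113.7
2019-09-03T23:41:09 LOCKOUT asmith 203.0.113.7
2019-09-04T02:17:30 LOGIN_OK svc-admin 203.0.113.7
2019-09-04T10:03:11 LOGIN_OK svc-admin 10.0.0.5
2019-09-07T14:20:00 LOGIN_OK domain-admin 10.0.0.5
"""
PRIVILEGED = {"svc-admin", "domain-admin"}   # assumed list of privileged accounts
BUSINESS_HOURS = range(7, 19)                # assumed: 07:00-18:59, Monday to Friday

def off_hours(ts):
    """True on weekends or outside the assumed business hours."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS

def review(log_text):
    """Return (finding, account, timestamp) tuples in log order."""
    findings = []
    lockout_sources = set()   # addresses that have triggered a lockout so far
    for line in log_text.splitlines():
        stamp, event, account, ip = line.split()
        ts = datetime.fromisoformat(stamp)
        if event == "LOCKOUT":
            lockout_sources.add(ip)
            findings.append(("lockout", account, stamp))
        elif event == "LOGIN_OK":
            if account in PRIVILEGED and off_hours(ts):
                findings.append(("off_hours_privileged", account, stamp))
            if ip in lockout_sources:
                # A success after a lockout from the same source suggests
                # the guessing may have worked on another account.
                findings.append(("login_from_lockout_source", account, stamp))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```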
How to Protect Your Network
The best way to avoid these four common signs of network security issues is to prevent them from occurring in the first place. While most people are familiar with antivirus and anti-malware software, these solutions aren’t sufficient to ensure that your network is protected. It’s better to use proactive, rather than reactive, approaches to cybersecurity.
For example, suppose that you are tasked with securing your office building and you have a choice between buying locks for the doors or hiring a security guard to patrol the perimeter.
Which option would you choose?
Antivirus and anti-malware software are like the security guard. If they recognize a crime is occurring, they will spring into action and stop it. The problem is that they may not recognize the crime or it may be too late to stop it — especially if they haven’t received the right training in time to recognize a particular type of crime.
Active network protection, patch management software and effective password management are the locks on the doors. They help keep intruders out of the building, which makes the security guard’s job a lot easier. These are the first steps that many small businesses skip over when evaluating their cybersecurity risks and coming up with solutions.
Modern Managed IT provides comprehensive cybersecurity services designed for small businesses with fewer than 250 employees. With active network protection, password management, patch management, and security awareness training, the all-in-one solution helps ensure that your network is secure from cyber attacks.
The Bottom Line
There are many different signs that could indicate that your network has been hacked — from obvious ransom messages to hidden network traffic. While antivirus and anti-malware software can help detect infections after they occur, it’s important to ensure that you have the right systems in place to secure the network from an infection in the first place.