How to Recognize a Cyberattack

We always want to focus on proactive cybersecurity measures, but just as important is how to recognize a cyberattack while it’s occurring!

That’s why we’re covering 5 areas of your business that a cyberattack could compromise and the key signs to look out for!

Why You Should Recognize a Cyberattack

Did you know that 60% of all attacks target small to medium-sized businesses?

There are a few reasons why:

  • SMBs are less likely to have stringent security measures in place
  • They often don’t have an incident response plan in place
  • Attackers find SMBs easier to infiltrate and exploit
  • SMBs don’t have the resources to defend or recover from successful attacks

What’s Worse?

The total cost of a single data breach for SMBs averages $149,000.

On top of that, because most SMBs have limited resources, an attack can prove fatal, causing a reported 60% of small businesses to shut their doors following a cyberattack.

So, as we say multiple times when it comes to cybersecurity, you must be PROACTIVE.

That’s why with each area we’ll go through:

  1. A proactive measure you can take to protect it
  2. The signs of an attack to look for
  3. Your next steps once you recognize the signs

Email (Phishing)

Proactive Measure

One great proactive measure is the free online tool “Have I Been Pwned?”

Enter your email address and the site will check if your account was part of a data breach or if your details are available to the public online.

Also, check your password with their password tool! It checks whether your password has been exposed in a breach.
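How a breached-password check can run without the password ever leaving your machine, as an added example (not code from this article or from Have I Been Pwned): it follows the hash-prefix range lookup that the Pwned Passwords service offers, where only the first 5 hex characters of the SHA-1 hash are sent. `fake_range_response`, `CONSTRUCTED_CORPUS` and all counts are constructed stand-ins so the block runs offline.

```python
import hashlib
import hmac

def split_hash(password: str) -> tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

# Constructed sample data: passwords with made-up breach counts.
CONSTRUCTED_CORPUS = {"password": 1000, "SolarWinds123": 42, "letmein": 7}

def fake_range_response(prefix: str) -> str:
    """Offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.

    The body is one "SUFFIX:COUNT" line per known hash sharing the prefix.
    """
    lines = []
    for pw, count in CONSTRUCTED_CORPUS.items():
        p, suffix = split_hash(pw)
        if p == prefix:
            lines.append(f"{suffix}:{count}")
    # Padding entry with count 0, as the service adds when padding is requested.
    lines.append("0" * 35 + ":0")
    return "\r\n".join(lines)

def breach_count(password: str, fetch=fake_range_response) -> int:
    """Return how many times the password appears in the breach data (0 = not found)."""
    prefix, suffix = split_hash(password)
    body = fetch(prefix)  # only these 5 hex characters are ever sent
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if len(candidate) != 35 or not count.isdigit():
            continue  # ignore malformed lines instead of trusting them
        # The comparison happens locally; the service never learns the suffix.
        if hmac.compare_digest(candidate.upper(), suffix):
            return int(count)
    return 0

if __name__ == "__main__":
    for pw in ("password", "SolarWinds123", "a long unique passphrase 9f2c"):
        n = breach_count(pw)
        print(f"{pw!r}: {'seen ' + str(n) + ' times' if n else 'not found'}")
```

To query the live service, pass a `fetch` function that performs the HTTPS GET for the prefix and returns the response text.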

Signs to Look For

Look for the following signs next time you log into your email:

  • Your password is different.
  • There is unusual inbox activity.
  • You’re getting password reset emails.
  • Unexpected IP addresses are showing up in your history.
  • Your friends are receiving spam messages from you.

After You Recognize the Attack

Once you notice something wrong, your next steps should be as follows:

  • Use a more complex password.
  • Update your account recovery information.
  • Alert email contacts of suspicious activity.
  • Check account forwarding and auto-replies.
  • Check to see if your other accounts were affected.
  • Enable multi-factor authentication (MFA).

Files (Ransomware)

Proactive Measure

  • Employ a data backup and recovery plan for all critical information, as well as regularly test your backups.
  • Create, maintain, and exercise an incident response plan.
  • Be wary of emails, as they are the most vulnerable to ransomware attacks, and enable security measures like multi-factor authentication (MFA).

Signs to Look For

Watch out for the following signs:

  • Inexplicable slowdowns on your workstation or network. 
  • Suspicious changes to files, names, or locations.
  • Unauthorized or previously undetected extraction of data.
  • Unrecognized or otherwise out of place file encryption.
  • Explicit splash screen messaging indicating an attack.

After You Recognize the Attack

Once you identify that there’s something wrong, enact these steps next:

  • Remain calm and collected.
  • Take a photo/screenshot of the ransomware note.
  • Disconnect from backups/network.
  • Reset passwords.
  • Inform the authorities (cyber.gc.ca/en).

Network (MITM)

Proactive Measure

Change your default passwords on networking equipment! It’s the single greatest proactive measure you can take to protect your network.

We DID mention the 2020 SolarWinds attack in our Cybersecurity 101 Webinar, where a server password was “SolarWinds123”.

Cyberattacks are much more likely to occur through mundane errors such as choosing easy-to-guess passwords (such as the above) or not changing the default passwords, which is why we stress using strong passwords constantly!

Signs to Look For

Just like SolarWinds, your server network CAN be hacked. Watch for these signs:

  • Your files and/or server have been encrypted.
  • The network becomes very sluggish/slow.
  • Your data usage is unusually high.
  • Programs are continually crashing.
  • Computers are functioning without local input.

After You Recognize the Attack

In the event any of the above signs occurs for suspicious or undetermined reasons, here’s what to do next:

  • Perform a security scan for malware.
  • Communicate with your team and notify any affected users.
  • Follow your Business Continuity Plan.
  • Restore from a backup.
  • Isolate the infected site (disconnect endpoints and server from the rest of the network).

System Accounts (Social Engineering)

Proactive Measure

By “System Accounts” we mean key account information that enables you to do your work.

This includes Microsoft/Google accounts, account information for servers, and similar data.

Oftentimes, these accounts are targeted through social engineering, where the hackers collect information from every resource possible (social media or otherwise) in order to log into your accounts.

It’s important to have proper user training to understand how your information can be revealed, as well as to use MFA in the event a mistake occurs.

Signs to Look For

If you’re suspicious your system accounts are compromised, check for these signs:

  • Your computer speed has slowed down.
  • Your security software has been disabled or compromised.
  • Software or browser add-ons appear that you don’t recognize.
  • Additional pop-ups are happening.
  • Random shutdowns and restarts are happening.
  • You’ve lost access to your account (a big and obvious sign, but a sign nonetheless).

After You Recognize the Attack

Once you’ve identified there’s something wrong, follow these next steps: 

  • Perform a security scan for malware.
  • Communicate with your team, and keep them in the loop.
  • Isolate the infected system from the network.
  • Review monitoring systems to identify and understand how the threat entered.
  • Enable MFA.

Online Storage (MITC)

Proactive Measure

It’s a mistake to believe your cloud storage systems (like Dropbox and OneDrive) are 100% protected: there IS such a thing as Man-in-the-Cloud attacks.

Hackers steal your authentication key, often by gaining access to your phone.

Luckily, many online storage services encrypt their cloud data automatically to minimize the chances of a successful attack.

However, there IS one thing you can do to prevent online storage compromise: you can enable MFA to close that avenue to attackers.

Signs to Look For

When you access your online storage, look for the following:

  • Your site suddenly has content that shouldn’t be there.
  • You cannot access your account.
  • Files are missing or altered.
  • You’re being notified of unexpected access locations and logins.
  • A large number of requests for the same file have been received.

After You Recognize the Attack

Do the following steps in order:

  • Perform a security scan for malware.
  • Communicate with your team, and keep them in the loop to determine next steps.
  • Notify any affected users.
  • Follow your Business Continuity Plan.
  • Enable MFA.

Protect Yourself and Your Business

In order to protect your business, follow the three Ts!

Employees should understand and be trained on company policies about software use and data ownership.

Employers should be transparent about what activities the company is monitoring on work-issued laptops.

Technology should support employees and employers in detecting, investigating, and responding to data breaches.

Employ these 3 Measures Right Now

Your protection doesn’t just stop at the Three T’s!

In fact, we’ve created several resources to help you improve your cybersecurity.

  1. Go through our 10-POINT CYBERSECURITY INSPECTION CHECKLIST to assess your cybersecurity readiness and awareness.
  2. Run a CYBERSECURITY AUDIT to gain a clear picture of your problem areas and what issues you need to deal with.
  3. Create an INCIDENT RESPONSE PLAN to give your team a step-by-step process to follow to manage and mitigate data breaches.

Top Tips for Your Safety

We know you want practical tips that you can start using today, so here’s our top 3:

  1. Be SENSIBLE – Never click on links, download files, or open attachments in emails (or on social media) that aren’t from a known, trusted source.
  2. Be PROACTIVE – Learn as much as possible about cybersecurity, get certified, and ask for training at the workplace.
  3. Be VIGILANT – Every situation you come across could be a potential scam. It’s better to be safe than sorry. If you see something, SAY SOMETHING.

Too Much Information?

We know you might not want to read this entire article, so we’ve summarized it in our one-pager down below.

At Clearbridge Business Solutions, we’re dedicated to equipping our customers with the tools they need to be more cyber secure through managed IT services and educational resources.

We can only cover so much in a webinar. If you’re ready for a partner to come alongside you for all your IT strategy, IT security, and IT support needs then get in touch today!
