
While the old saying “no news is good news” may apply in some cases, a solid cybersecurity strategy relies on accurate, up-to-date information and regular monitoring to safeguard your organization’s digital assets.

Cybercriminals don’t always announce their crimes with flashy ransomware, and often work hard to ensure their unauthorized presence goes unnoticed as long as possible. Fortunately, intruders aren’t always great at covering their tracks. Here are a few signs that your network may not be as secure as you think.

Strange User Behavior on Your Network

Human beings are creatures of habit, which means that strange user behavior on your network may indicate something is amiss. With network traffic reporting, you can get a general idea of how each user goes about their daily tasks and better spot abnormal behavior.

For example, say you know that Jan from accounting always works from 7 am to 3 pm (so she can leave early to pick up her kids from school) and never works from home because her home network isn’t secure enough.

That means that when someone uses her account information to log onto the network from a strange IP address at 11 pm, it probably isn’t Jan, and her credentials have likely been compromised.

How to Protect Yourself

Network monitoring may seem like a hassle, or even invasive, but it can be incredibly helpful for noticing, and flagging, strange or uncharacteristic user behaviors.
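The Jan scenario above can be expressed as a baseline check. This is an added example, not something from the original article: it learns each user's usual login hours and source addresses from history and lists the reasons a new login deviates. The user name, timestamps, addresses (documentation ranges) and the one-hour tolerance are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed history: (user, ISO timestamp, source IP). Not real data.
HISTORY = [
    ("jan", "2024-03-04T07:02:00", "192.0.2.10"),
    ("jan", "2024-03-05T09:30:00", "192.0.2.10"),
    ("jan", "2024-03-06T14:48:00", "192.0.2.11"),
    ("jan", "2024-03-07T12:15:00", "192.0.2.10"),
]

def build_baseline(events):
    """Per user: the hours of day and source IPs seen in normal activity."""
    baseline = defaultdict(lambda: {"hours": set(), "ips": set()})
    for user, ts, ip in events:
        baseline[user]["hours"].add(datetime.fromisoformat(ts).hour)
        baseline[user]["ips"].add(ip)
    return baseline

def score_login(baseline, user, ts, ip, tolerance=1):
    """Return the list of reasons a login deviates from the user's baseline."""
    if user not in baseline:
        return ["no baseline for user"]
    profile = baseline[user]
    hour = datetime.fromisoformat(ts).hour
    reasons = []
    # Hours wrap at midnight, so measure distance on a 24-hour circle.
    nearest = min(min(abs(hour - h), 24 - abs(hour - h)) for h in profile["hours"])
    if nearest > tolerance:
        reasons.append(f"login at {hour:02d}:00 is {nearest}h outside usual hours")
    if ip not in profile["ips"]:
        reasons.append(f"source {ip} never seen for this user")
    return reasons

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for event in [("jan", "2024-03-08T08:05:00", "192.0.2.10"),
                  ("jan", "2024-03-08T23:04:00", "203.0.113.77")]:
        print(event, "->", score_login(base, *event) or "ok")
```

A single deviation is a prompt to verify with the user, not proof of compromise; both reasons together on one login deserve a faster response.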

Your Passwords Have Been Changed On You

If you’ve ever gone to log on and found out that your password (which you swear was correct) is no longer valid, then you may have an intruder on your network. A common tactic once a cybercriminal has gained access to someone else’s credentials is to change the password so that the authorized user no longer has access.

How to Protect Yourself

To help keep your password safe, make sure both you and your employees are choosing strong passwords. You may also want to consider a password manager, which lets you pick one strong password to unlock a “vault” that stores all your other passwords. Those other passwords can then simply be long strings of random numbers, letters, and symbols. This means you only have to remember one password and helps ensure your password is hard to guess. However, like most things in life, password managers have their pros and cons, so weigh them carefully before making a decision.

You should also strongly consider dual-factor or multifactor authentication. This requires users to input not only their username and password but also a one-time code that is sent to an authorized device (such as a cell phone). This second layer of protection can help slow down or even prevent unauthorized use, and since the employee whose identity has been compromised will be notified when they receive the one-time code, it can also help you spot potential intruders more quickly.

You’re Getting Strange Error Messages

If you’re getting strange or unrelated error messages while performing routine tasks, it may be a sign that an unauthorized user is accessing your device remotely.

How to Protect Yourself

To help keep unauthorized users off of your system, you should keep all your software up to date, and make sure that all employees download any security patches promptly. Unpatched software is particularly vulnerable to cybersecurity attacks because cybercriminals now know exactly where the vulnerabilities are in out-of-date software.

Computers on Your Network Are Suddenly Sluggish

If a previously lightning-fast computer, or computers, is suddenly slower than a dial-up connection, it may be an indicator that something isn’t right. When relatively new computers crash, freeze or run slowly for no obvious reason, it may mean that malware or other unauthorized programs have been loaded onto your computer, siphoning off computing power for their own purposes.

An in-progress hacking attempt may also be the culprit, particularly if the would-be intruder is hammering your server with requests, such as trying to brute-force their way in by trying different passwords or usernames.

How to Protect Yourself

Make sure your firewalls, antivirus software, and all other software are patched and kept up to date. You should also choose strong passwords, and have monitoring in place to alert your IT or cybersecurity team to any repeated login attempts.

If your computer, or multiple computers, are suddenly choking up during even the most routine tasks, you should isolate those computers from the broader network until you can figure out what’s wrong. Look for malware or other suspicious activities and contact your trusted cybersecurity team for additional advice and assistance.

Your Firewall or Other Network Security Programs Have Been Disabled or Deleted

In the movies, when a jewel thief goes to steal a priceless gem from a heavily guarded vault, one of the first things they do is try to turn off or otherwise disable all those pesky security systems. A disabled firewall or deleted antivirus program is a huge red flag that someone may be trying to gain unauthorized access to your network.

How to Protect Yourself

To begin, make sure that only a select few employees (such as your IT department) can disable or delete critical programs such as antivirus software or firewalls. This helps ensure that other employees don’t accidentally expose their machines.

You should also do a regular audit of all the programs on each computer and your network, so you can notice right away if something is missing or deactivated. If you choose to outsource your cybersecurity, make sure you choose a team that offers managed firewall services, so they can let you know right away if they detect any suspicious activities.

There’s a Sudden Interest in Sensitive Files or Critical Systems

If you haven’t already restricted sensitive files or critical systems (such as financial records or your server) to only employees that actually require access, you should do so straight away. The fewer people that can access sensitive systems and files, the fewer potential attack vectors there are.

If you notice that a particular employee or group of employees is suddenly very interested in critical systems or sensitive files, or that an unidentified user is trying to gain access to anything best kept private, then there is a pretty good chance something is wrong. Either one or more employees have had their identities compromised, or are up to something nefarious, or an unauthorized user has managed to slip past your outer defenses and is slowly making their way to their target.

How to Protect Yourself

Keeping your cybersecurity programs up to date and insisting on strong employee passwords is a must, but so is ensuring that any compromised logins are changed and that only employees who absolutely need access to critical systems or sensitive files have that access.

You should also consider segmenting your network with internal firewalls. This helps ensure that if an unauthorized user gains access to your network, they can’t move around easily. Separating your critical systems from the larger network using internal firewalls adds another layer of protection and can slow down or even thwart a cybersecurity attack if one occurs.

Customers & Peers Complain You’re Sending Spam

Email presents a unique cybersecurity risk, particularly if your organization relies on external email hosting (such as Gmail or Outlook). While you can take precautions to secure your network and other digital assets from intruders, you don’t have the same level of control over external systems and networks.

Cybercriminals know this and often target email servers specifically for that reason. If your co-workers, clients, or peers begin to complain that you’re sending out spam, it likely means that your email address, or the entire server, has been compromised.

How to Protect Yourself

Strong usernames and passwords play a role here, but you should also make sure you can trust that your email service provider takes cybersecurity as seriously as you do. You should also talk to your cybersecurity provider about email security solutions, which can be used to detect threats such as malware or malicious content.

You’re Getting Fake Antivirus Messages

Unfortunately, if you’re getting fake antivirus messages on your internal network, that means that your network has already been breached. The goal of this type of cybersecurity attack is typically to get unsuspecting users to click on something in the message. This then usually takes the user to a professional-looking website that claims to sell products to “clean” your computer for you.

If you go ahead and enter your payment details, you will not only compromise your computer further (assuming the programs, however malicious, are even real) but also your credit card and banking information.

How to Protect Yourself

If you encounter a fake antivirus message, sever your computer’s internet connection (either by unplugging your wired connection or turning off your Wi-Fi), shut down your computer, and contact either your cybersecurity team or IT department immediately. They will be able to take further steps to disinfect your computer.

You Find Unfamiliar Browser Toolbars or Programs

If you find a browser toolbar or program that you don’t remember adding, it is likely a sign that someone else has accessed your account or computer.

How to Protect Yourself

Keeping your browser up to date allows you to take advantage of any recent security patches. If you aren’t sure what a toolbar or program does, don’t open it. Instead, shut down your computer and contact your cybersecurity professional or IT department right away for further assistance.

Devices Are Switching Between Multiple Accounts 

While some cybercriminals can brute-force their way onto a network (like picking the lock on the door), using usernames and passwords is always easier. However, using the same account repeatedly can make legitimate users suspicious, particularly if the user isn’t following their usual work patterns or if the owner of the compromised credentials discovers what has happened. As such, many cybercriminals will try to gain access to multiple accounts or use their stolen credentials to set up other accounts, which they can use instead.

How to Protect Yourself

Network monitoring can help you figure out if one particular device or IP address is switching between accounts, and help you determine what “typical” user behavior should look like. When something suspicious happens, you are more likely to catch it if you can tell it deviates from the norm.
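One way to look for a device or IP address switching between accounts, as an added example that is not from the original article: it groups authentication events by source and flags any source that uses more than a set number of distinct accounts inside a sliding time window. The events, account names, addresses (documentation ranges), the one-hour window and the two-account threshold are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed authentication events: (ISO timestamp, source IP, account, outcome).
EVENTS = [
    ("2024-03-08T22:50:00", "198.51.100.23", "jan", "success"),
    ("2024-03-08T22:58:00", "198.51.100.23", "svc-backup", "failure"),
    ("2024-03-08T23:04:00", "198.51.100.23", "mike", "success"),
    ("2024-03-08T23:20:00", "198.51.100.23", "temp-admin2", "success"),
    ("2024-03-08T09:00:00", "192.0.2.10", "jan", "success"),
    ("2024-03-08T13:00:00", "192.0.2.10", "jan", "success"),
    ("2024-03-08T09:05:00", "192.0.2.44", "lee", "success"),
    ("2024-03-08T16:30:00", "192.0.2.44", "lee-admin", "success"),
]

def account_switching(events, window=timedelta(hours=1), max_accounts=2):
    """Flag sources that authenticate as more than max_accounts distinct
    accounts inside any sliding window. Returns {source: sorted accounts}."""
    by_source = defaultdict(list)
    for ts, src, account, _outcome in events:
        by_source[src].append((datetime.fromisoformat(ts), account))
    flagged = {}
    for src, seen in by_source.items():
        seen.sort()
        recent = deque()  # events from this source still inside the window
        for when, account in seen:
            recent.append((when, account))
            while when - recent[0][0] > window:
                recent.popleft()
            accounts = {a for _, a in recent}
            if len(accounts) > max_accounts:
                # Keep every account seen in any over-threshold window.
                flagged[src] = sorted(accounts | set(flagged.get(src, [])))
    return flagged

if __name__ == "__main__":
    # Shared sources (NAT gateways, terminal servers, jump hosts) legitimately
    # carry many accounts; allow-list them before alerting on this output.
    for src, accounts in account_switching(EVENTS).items():
        print(f"{src} used {len(accounts)} accounts: {', '.join(accounts)}")
```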

Former Employees Are Still Logging On

As part of your offboarding process, you need to ensure that former employees have their credentials revoked. If you don’t, this could allow former employees with malicious intentions to access your network and critical systems. Cybercriminals may also look for dormant accounts that still have access, since a former employee is less likely to notice if someone else is using their username and password.

How to Protect Yourself

Make sure that all dormant accounts are shut down and purged, and that all former employees are no longer able to access any of your systems.
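A sketch of the audit this implies, as an added example that is not from the original article: it reconciles a list of departed staff against an account export and reports accounts still enabled after departure, logins after the departure date, and enabled accounts that have gone unused. The names, dates, field names and the 90-day dormancy threshold are constructed assumptions.

```python
from datetime import date, timedelta

# Constructed inputs. In practice these would come from an HR export and a
# directory or identity-provider export; the field names are assumptions.
TERMINATED = {"tom": date(2024, 1, 31), "priya": date(2024, 2, 15)}
ACCOUNTS = [
    {"user": "tom", "enabled": True, "last_login": date(2024, 3, 2)},
    {"user": "priya", "enabled": False, "last_login": date(2024, 2, 14)},
    {"user": "jan", "enabled": True, "last_login": date(2024, 3, 8)},
    {"user": "old-scanner", "enabled": True, "last_login": date(2023, 9, 1)},
    {"user": "newhire", "enabled": True, "last_login": None},
]

def audit_accounts(accounts, terminated, today, dormant_after=timedelta(days=90)):
    """Return (user, finding) pairs for accounts that need attention."""
    findings = []
    for acct in accounts:
        user, last = acct["user"], acct["last_login"]
        left = terminated.get(user)
        if left is not None:
            # Departed staff: the account should be disabled and silent.
            if acct["enabled"]:
                findings.append((user, "still enabled after departure"))
            if last is not None and last > left:
                findings.append((user, "login after departure date"))
        elif acct["enabled"] and (last is None or today - last > dormant_after):
            # Current account that nobody appears to be using.
            findings.append((user, "dormant or never used"))
    return findings

if __name__ == "__main__":
    for user, finding in audit_accounts(ACCOUNTS, TERMINATED, date(2024, 3, 10)):
        print(f"{user}: {finding}")
```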

Even a small red flag can point to a massive problem. To help ensure you catch any red flags, you may want to consider a cybersecurity provider. A good cybersecurity company will help you craft and implement robust cybersecurity strategies, monitor your network for suspicious activity, and help you contain or even avoid damages if a cybercriminal breaches your defenses.