What To Do If Your Business Email Gets Hacked
- by Brittany Day
Many businesses worry about cybersecurity and train staff to recognize phishing attacks and scams. However, companies often do not consider the possibility of their email accounts getting hacked.
If you think about how much information about your company, employees, and customers or clients flows through your email daily, it’s easy to see how disastrous a hacked email account could be for a business.
As a business, your priority should be to maintain a healthy and secure email account and ensure that sensitive information is never sent through email. If it absolutely has to be sent this way, it should certainly not all go in a single email. Then, if you get hacked, the amount of information the criminal can acquire will be limited.
However, if your email is hacked, your priority should be to make your account secure again, assess the damage done, and take steps to decrease the chances of it happening again.
What Are the Tell-Tale Signs That My Email Account Has Been Hacked?
You might not know that your account has been hacked. Of course, if you go to log in and your password doesn’t work, that could be the first red flag. All employees should be trained in what to do in these circumstances and know what protocols to follow. There should be a main point of contact to report to, and email should be shut down for all employees until the situation has been assessed.
This will mean that much work must stop and that delays are passed on to clients. However, it is quicker to come to a complete halt and reestablish a secure system than to try to deal with larger repercussions caused by keeping the email system available.
Sometimes you only know your email has been hacked because you start getting replies from people asking if emails really came from you, either because the emails are out of character or because they ask for details you would not normally request, since you know them already.
A criminal can use your email address as the return address to send spam emails or phishing attacks. This type of use does not necessarily mean that your entire email system has been compromised and that criminals have access to your contact lists, emails, and passwords. However, large amounts of emails ‘from’ one account are usually flagged as suspicious; people will also report spam and flag your email. Overall, this will mark your email account as a spam sender and cause difficulties in sending out your legitimate email (not to mention trying to clean up your account from all the failed deliveries, etc.). You will need to discuss options with your email provider or IT department, but other than white-listing your email account every few months, little can be done.
Your email address is also usually the route to your business social media accounts, so if people see strange posts from you on there, especially promoting items from questionable sources, this is another red flag and can cause a large amount of reputational damage. If you start getting password reset requests you didn’t make, it’s time to ask for help. Your staff should be fully trained in what to do in all of these situations.
If none of these tell-tale signs are apparent, but you notice that your device is running slowly or erratically, this could be a sign that you have malware on one of your devices. It could be tracking keystrokes to find your personal data, so you should check your device out or alert your work IT department that there may be a problem.
How Was Your Email Account Hacked?
As mentioned briefly, your email account could have been hacked in many ways, but most people assume the only way is via user error. Of course, plenty of people fall victim to phishing or spear phishing attacks, but there are other ways in which your account could have been compromised.
You might also have forgotten to sign out of a device used by others, and malicious hackers could have gotten in that way. But if you use your own device, this is likely only if you leave it unattended and unlocked.
Your WiFi Was Hacked, Or Your Details Have Been Sold
Your WiFi network, or one you use in a public place, may have been hacked. This might involve a man-in-the-middle attack where your details are intercepted as you log in. It is important to inform staff where and when they cannot access work networks.
Equally likely is that hackers have acquired your details as part of a data breach elsewhere. They could have harvested the details through one of their own attacks or bought your details along with many others on the Dark Web.
What Can A Hacker Do With Your Email Account?
The first and most obvious thing that a hacker can do once they have control of your account is to use it to try and gain information about your business or your clients and customers. You should immediately let all your contacts know that there has been a breach and be wary of any emails supposedly coming from you. You will also need to keep them updated to keep their confidence that you are handling the matter seriously and appropriately.
Damage To Business Reputation
The fact that your email has been hacked could damage your business reputation, especially if that hack has compromised other accounts. You will need to invest money into repairing any damage, such as improving your IT systems, improving staff training, and increasing your marketing to remedy any press fallout. To protect yourself from some of these costs, it is vital to get full coverage for small business owners, which includes cyber insurance. This could be helpful in any matters arising from your email account getting hacked, so it should be considered a ‘must have’ alongside any other business insurance that gets taken out.
What Should I Do When My Email Account Is Hacked?
If you are locked out, you must regain control of your account, which must be done by contacting your email provider and working with your IT department. Once you regain control of your account, you must ensure all networked equipment is scanned for malware.
Start By Changing Your Password
Once that is done, you should change your password and ensure a strong password policy for all employees. If you have an IT professional to hand, they will advise you on how to create a strong password, but there are some standard rules you should follow.
- You need to make this password unique, so do not copy any other passwords you might have.
- Do not let it relate to details easily gleaned from social media.
- Use more than the minimum number of characters – if it says at least 8, go for 12 or 14 – and remember to have capital letters and special characters in as requested.
- Change it regularly.
Check Your Email Settings
If your email account has been hacked, the hacker might have changed your settings so that all of the email intended for your inbox gets forwarded to a different account. You can check this by going into your account settings and checking to see if an auto-forward has been put in place and unsetting it if one is there.
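The auto-forward check described above, applied across many mailboxes at once, as an added example that is not part of the original article. It assumes your IT team can export mailbox rules to a list; the field names (`mailbox`, `name`, `enabled`, `forward_to`) and all sample data are constructed for illustration and do not match any particular provider's export format.

```python
from email.utils import getaddresses

# Constructed sample: mailbox rules as they might appear in an export from a
# mail platform. The field names are hypothetical, not any provider's schema.
SAMPLE_RULES = [
    {"mailbox": "ceo@example.com", "name": "Archive newsletters",
     "enabled": True, "forward_to": []},
    {"mailbox": "ceo@example.com", "name": "Mail sync",
     "enabled": True, "forward_to": ["Backup <inbox.copy@mail-collect.test>"]},
    {"mailbox": "accounts@example.com", "name": "Send invoices to finance",
     "enabled": True, "forward_to": ["finance@Example.com", "team@eu.example.com"]},
    {"mailbox": "accounts@example.com", "name": "old sync",
     "enabled": False, "forward_to": ["someone@freemail.test"]},
]


def is_internal(address, internal_domains):
    """True if the address belongs to an internal domain or a subdomain of one."""
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in internal_domains)


def find_external_forwards(rules, internal_domains):
    """Return one finding per rule that forwards mail outside the organization."""
    internal = {d.lower() for d in internal_domains}
    findings = []
    for rule in rules:
        # getaddresses handles both "user@host" and "Name <user@host>" forms.
        targets = [addr for _, addr in getaddresses(rule.get("forward_to", []))]
        external = sorted(a.lower() for a in targets
                          if a and not is_internal(a, internal))
        if external:
            findings.append({
                "mailbox": rule["mailbox"],
                "rule": rule["name"],
                # Disabled rules are still reported: they can be switched back on.
                "enabled": rule.get("enabled", True),
                "external_targets": external,
            })
    return findings


if __name__ == "__main__":
    for f in find_external_forwards(SAMPLE_RULES, ["example.com"]):
        state = "ACTIVE" if f["enabled"] else "disabled"
        print(f"[{state}] {f['mailbox']} rule {f['rule']!r} -> {f['external_targets']}")
```

Any rule this reports should be confirmed with the mailbox owner and removed if they did not create it.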
Let Everyone Know
Some people might have already found out the hard way, but you should let everyone else know you have been hacked so they can run checks themselves. This will also warn them to be especially vigilant regarding any email from your business.
Check Your Other Accounts With The Same Password
If you are one of the 53% of people who admit they use the same password for multiple accounts, then you need to check all of them to ensure they haven’t been compromised, too. If you have an IT department, they should be able to organize this for you, but if you do not, then use a password manager.
Check Your Bank Account And Set Up Credit Monitoring
This is probably the most stressful part of the process, but it is essential nonetheless. If your email account has been compromised, hackers could have used it to access other applications and information, like your bank details. This could mean that purchases or subscriptions might be taken out using these details.
There could even be unauthorized loans, fraudulent credit agreements, and other activity, and by monitoring your credit score and report, you will be able to see any applications made in your name. If you didn’t make them, you should report them to your bank and whichever agency deals with identity theft wherever you happen to be.
What Measures Can I Put In Place To Decrease The Chances Of My Business Email Being Hacked Again?
It might not have been your fault that your email got hacked, but there are some things you can do to prevent any future hacks.
Opt For MFA (Multi-Factor Authentication) On Your Devices
You might already be familiar with this process, as you could have used it for other purposes like logging into your Amazon account. In a nutshell, this involves having a code sent via a different method (typically a four- or six-digit code sent by text) that you must enter to log in. Other forms of MFA include fingerprints or a swipe card in a reader on the side of your laptop. Setting this up for your employees’ technology will be long-winded but worthwhile.
Get Further Education Regarding Different Types Of Cyberattacks
Sadly, cybercriminals are getting increasingly devious and finding new ways to hack accounts and carry out attacks. You can be more aware of what they are up to by taking a refresher in your workplace end-user education program or seeking out the information privately.
Keep Learning About Securing Your Business Email Against Malicious Hackers
It might not be your fault that your email account was hacked – but you still need to deal with it responsibly. Once they have access to your account, hackers can use that information to access everything related to your business if you haven’t been careful.
The first step is to regain control of your account and then change your password and any other that could be compromised. You should also put financial monitoring in place to see if this hack has led to identity theft. Finally, you should beef up your security with a robust cloud email security solution to reduce the chances of it happening again and let your contacts know so they can take action, too.
- Implementing a comprehensive email security system can help prevent advanced threats, such as targeted spear phishing and ransomware.
- Keep the integrity of your email safe by securing the cloud with spam filtering and enterprise-grade anti-spam services.
- By following these best practices, you can improve your email security posture to protect against cyberattacks and breaches.