Has My Business Email Account Been Hacked?
- You can’t access your account.
- Someone sent out emails or wrote posts that you didn’t write.
- Your anti-virus or anti-malware software is turned off.
- You notice browser extensions or other software installs that you didn’t initiate. Extensions are mini-software programs that essentially extend your web browser with features and other services, such as Google Calendar or 1Password, a password manager program.
- You are getting a ton of popup ads when using your small business internet or across programs.
- You’ve noticed unauthorized transactions on your financial accounts.
1. If you still have access to the account, change your password.
Remember to have strong passwords that contain a mixture of uppercase and lowercase letters, numbers and symbols. Best practice also calls for you to change the passwords of your other online accounts — social media platforms, customer relationship management systems and others.
2. If you don’t have access to the account, regain control.
If you are locked out of your account, press the “forgot my password” link, and answer your secret questions. You can also get back into your account by using your backup email address.
3. Review activity on all sensitive accounts.
Most email services allow you to check where that account is currently logged in, from the city down to the device. If one of those is not you, the services will give you an option to kick off that login and walk through securing your account. Go ahead and check whether there are any other browser extensions or apps now attached to your internet or your computer that you didn’t install.
And if that email address is tied to other accounts, like banking or customer relationship management, contact those companies and review activity on those accounts as well. If you find something fishy, report it immediately.
4. If you notice that a hacker took personal information, whether consumer or employee, tell them.
Once you know that a hacker went off with customer information, you are required by law to tell the affected customers. The length of time between finding the breach and telling customers differ by state, but many recommend you do so immediately, even if you don’t know all the answers yet. You may also want to inform all your customers about the breach — how it occurred, what you’re doing to fix it and what customers can do if they worry about their own information.
5. Scan your work devices for viruses and malware, and eliminate the threats.
Your email may have been compromised through malware. You should be scanning your computer regularly for viruses or malware, but do it once more after a suspected attack.
Get rid of the issue, even if it means shutting down your website temporarily or buying new computers. If you’re not sure how to root out the issue, consider enlisting IT professionals.
6. Learn from your mistakes.
Know how the mistake occurred, and educate yourself and your employees about the matter. Also, take another look at your security plan, and update it with new prevention methods. As an example, put into writing a policy that mandates all employees use two-step verification to log into business email accounts.
And hopefully, you have created backups of your important information — and updating the backup regularly. That way, should your accounts be compromised, you can at least get back to that data as it was before the breach.