In an ideal world, your company’s data should be viewed, modified, and managed only by those authorised to access it. However, the reality for many Australian businesses falls short of these expectations. Cybercriminals, rogue employees, and unwitting staff can compromise data at a moment’s notice.
What’s worrying is that many organisations that fall victim to a breach are unaware of unauthorised access to their data for weeks, if not months. During this time, unauthorised users could have stolen passwords, tampered with financial records, and destroyed precious proprietary information. Detecting a breach from day one is crucial to any company’s survival. To help you do that, we’ve compiled six warning signs that an unauthorised user has gained access to your data.
1. Unusual file changes
Unauthorised users who successfully manage to infiltrate your company’s network can do whatever they want with your data. They can modify the contents of sensitive files to benefit themselves, such as changing account numbers and financial information. Some cybercriminals may siphon large swaths of data, while others may delete it from your archives. Unless your organisation actively monitors these changes, the data breach could go undetected for long periods.
Microsoft’s data loss prevention (DLP) system monitors file activity in real time, allowing you to spot changes indicative of a data breach. It logs every change made to critical documents and tracks who made the change and when. DLP even detects unusual file transfers and lets you set rules to prevent sharing sensitive information with unauthorised users.
2. Logins from unfamiliar places
A sure sign of a breach is when an account is accessed from an unknown location and device. Many online services keep a history of the IP addresses from which you access your account and the devices you use to access it. These services notify you if there’s anything out of the ordinary concerning where the account was accessed. For example, you may be alerted that your Microsoft account was accessed from an unregistered tablet in Moscow when you’ve only ever used it through a work laptop in Sydney.
When there are suspicious logins, check account settings and remove any trusted devices you don’t recognise. You should also log out of all accounts from every location and change your passwords to prevent further damage.
3. Locked user accounts
Once cybercriminals have compromised an account, they’ll often change the password to lock out their victim. This technique buys cybercriminals time as they wreak havoc on your systems before anyone can respond and prevent further damage.
If users report that they cannot log in despite using the correct credentials, your IT team should review recent password changes. They should then reset any accounts suspected of being breached and train users to be more diligent with their passwords. Setting stringent password policies that enforce longer and more unique combinations can go a long way towards preventing unauthorised users from gaining access.
Implementing multifactor authentication (MFA) will make it much more difficult for hackers to hijack user accounts. The technology requires users to provide additional forms of verification, such as one-time passcodes generated via a security app or a fingerprint scan. That means your account security doesn’t solely depend on the strength of your employees’ passwords.
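The checks described under signs 2 and 3 can be expressed as analysis of a sign-in log. The following Python is an added example, not code from the original article or from any Microsoft product; the log format, the finding names, `BASELINE_END` and `LOCKOUT_WINDOW` are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log (not real data): time,user,event,country,device
SAMPLE_LOG = """\
2024-03-01T08:55:00,alice,login_ok,AU,laptop-7f3a
2024-03-05T08:47:00,bob,login_ok,AU,desktop-22c1
2024-03-06T02:13:00,alice,login_ok,RU,tablet-0000
2024-03-06T02:15:00,alice,password_change,RU,tablet-0000
2024-03-06T08:58:00,alice,login_fail,AU,laptop-7f3a
2024-03-06T08:59:00,alice,login_fail,AU,laptop-7f3a
2024-03-07T09:10:00,bob,login_ok,AU,phone-91aa
2024-03-07T09:30:00,carol,login_ok,NZ,laptop-5d10
"""
BASELINE_END = datetime(2024, 3, 6)    # assumption: earlier events are trusted
LOCKOUT_WINDOW = timedelta(hours=24)   # assumption: watch period after a change

def analyse(log_text):
    """Return (user, finding, severity) tuples for events after the baseline."""
    rows = sorted((datetime.fromisoformat(t), u, e, c, d)
                  for t, u, e, c, d in csv.reader(io.StringIO(log_text)))
    seen = defaultdict(lambda: {"country": set(), "device": set()})
    for ts, user, event, country, device in rows:
        if ts < BASELINE_END and event == "login_ok":
            seen[user]["country"].add(country)
            seen[user]["device"].add(device)
    alerts, risky_change = [], {}
    for ts, user, event, country, device in (r for r in rows if r[0] >= BASELINE_END):
        known = seen.get(user)
        if known is None:              # new account: nothing to compare against
            alerts.append((user, "no_baseline", "low"))
            continue
        # The baseline is never updated here, so an intruder cannot "train" it.
        new = [k for k, v in (("country", country), ("device", device))
               if v not in known[k]]
        if event == "login_ok" and new:
            severity = "high" if len(new) == 2 else "medium"
            alerts.append((user, "unfamiliar_login", severity))
        elif event == "password_change" and new:
            risky_change[user] = ts
            alerts.append((user, "password_change_from_unfamiliar", "high"))
        elif (event == "login_fail" and not new and user in risky_change
              and ts - risky_change[user] <= LOCKOUT_WINDOW):
            del risky_change[user]     # owner failing on a known device: report once
            alerts.append((user, "owner_locked_out", "high"))
    return alerts
```

Calling `analyse(SAMPLE_LOG)` returns the findings in time order; a login that is new in only one dimension (a known user on a new phone in the usual country) is rated lower than one that is new in both.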
4. Suspicious administrative user behaviour
If an unauthorised user gains access to administrator accounts, they essentially get unfettered control over everything in your system. They can elevate their access privileges, view highly classified information, and adjust security settings, leaving you vulnerable to attacks.
Viewing all users with a healthy degree of suspicion is the only way to spot whether someone is abusing administrative privileges. Keep an eye on who’s accessing sensitive information, making high-volume transactions, or changing permissions. If you believe privileged user accounts are compromised, it’s crucial to reconfigure access restrictions across the board. With Microsoft Azure Security Center, you can ensure every user has the minimum level of access necessary for their jobs, so they don’t misuse sensitive data.
5. Sluggish performance
Malware can act as a backdoor through which unauthorised users access your network and steal your data. Once the malware is fully installed and ready for use, it typically ‘phones home’ to establish contact with cybercriminals. This and other further actions consume computing resources in the background. This means that if devices run slower than usual, there could be malware embedded in your system. Similarly, malware may be present if your device seems to overheat and go through its battery cycle much faster than usual.
To check whether programs running in the background are using up processing power, go to Activity Monitor or Task Manager. Then, run a full system scan with anti-malware software to look for signs of infection and remove the malware. Finally, update your security software to reduce the chances of data-stealing malware taking root in your systems.
6. Abnormal device activity
Besides sluggish performance, data breaches may be in progress when your devices execute actions you didn’t initiate. These actions can include pop-up messages, fake antivirus alerts, unknown apps installed on the device, and browser tabs automatically opening suspicious sites. Your devices may even open applications randomly or reboot without any prompting.
If you suspect a device has been compromised, your priority should be to isolate the device from the company network. This primarily involves denying the device access to sensitive files by setting specific DLP policies. Employees should avoid using the potentially compromised device until security experts have mitigated the threat.
While protecting data from unauthorised access is a critical task, it can also be rather complicated. That’s why you need support from Empower IT. As Australia’s leading managed IT services provider, we can help you implement a well-rounded data security framework. From setting up DLP policies to proactively monitoring your systems, we’ll ensure the right people are accessing your data. Call us today to get started.