In an ideal world, your company’s data should be viewed, modified, and managed only by those authorised to access it. However, the reality for many Australian businesses falls short of these expectations. Cybercriminals, rogue employees, and unwitting staff can compromise data at a moment’s notice. In fact, according to a recent report by the Office of the Australian Information Commissioner, there were 539 breaches reported between July and December 2020.
What’s worrying is that many organisations that fall victim to a breach are unaware of unauthorised access to their data for weeks, if not months. During this time, unauthorised users could have stolen passwords, tampered with financial records, and destroyed precious proprietary information. Being able to detect a breach from day one is therefore crucial to any company’s survival. To help you do just that, we’ve compiled six warning signs that an unauthorised user has gained access to your data.
1. Unusual file changes
Cybercriminals who successfully manage to infiltrate your company’s network can do whatever they want with your data. They can modify the contents of sensitive files to benefit themselves, such as changing account numbers and financial information. Some cybercriminals may siphon large swaths of data, while others may simply delete them from your archives. Unless your organisation is actively monitoring for these changes, the data breach could go undetected for long periods of time.
Microsoft’s data loss prevention (DLP) system monitors file activity in real time, allowing you to spot changes indicative of a data breach in progress. It logs every change made to critical documents and tracks who made the change and when. DLP even detects unusual file transfers and lets you set rules to prevent sharing of sensitive information to unauthorised parties.
2. Logins from unfamiliar places
A sure sign of a breach is when an account is accessed from an unknown location and device. Many online services today track the IP address where you access the account and the device that you’re using to access it. If there’s anything out of the ordinary with regard to where the account was accessed, online services notify you of the anomaly. For example, you may be alerted that your Microsoft account was accessed from an unregistered tablet in Moscow when you’ve only ever used it through a work laptop in Sydney.
When there are suspicious logins, check account settings and remove any trusted devices you don’t recognise. You should also log out all accounts from every location and change your passwords to prevent further damage.
3. Locked user accounts
Once cybercriminals have compromised an account, they’ll often change the password to lock out their victim. This technique buys cybercriminals time as they wreak havoc on your systems before anyone can respond and prevent further damage.
If users report that they’re unable to log in despite using the correct credentials, your IT team should review recent password changes. They should then reset any accounts suspected of being breached and train users to be more diligent with their passwords. Setting stringent password policies that enforce longer and more unique combinations can go a long way towards preventing unauthorised access.
More importantly, implementing multifactor authentication (MFA) will make it much more difficult for hackers to hijack user accounts. The technology requires users to provide additional forms of verification such as one-time passcodes generated via a security app or a fingerprint scan. That means your account security doesn’t solely depend on the strength of your employees’ passwords.
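Signs 2 and 3 can be checked together when reviewing sign-in and password-change records. The following is an added example, not code from the original article: it flags successful logins and password changes from an origin that is not on the user's trusted list, then flags a possible lockout when the user's own trusted device starts failing to log in soon afterwards. The event format, the names, the trusted-origin table and the 24-hour window are assumptions, and the log entries are constructed.

```python
from datetime import datetime, timedelta

# Assumed table of trusted (country, device) pairs per user.
TRUSTED = {"alice": {("AU", "work-laptop")}, "bob": {("AU", "bob-desktop")}}

# Constructed sample events: (time, user, event, country, device).
EVENTS = [
    ("2021-03-02T09:02:00", "alice", "login_ok", "AU", "work-laptop"),
    ("2021-03-02T09:10:00", "bob", "login_ok", "AU", "bob-desktop"),
    ("2021-03-03T02:14:00", "alice", "login_ok", "RU", "unknown-tablet"),
    ("2021-03-03T02:19:00", "alice", "password_change", "RU", "unknown-tablet"),
    ("2021-03-03T08:58:00", "alice", "login_fail", "AU", "work-laptop"),
    ("2021-03-03T08:59:00", "alice", "login_fail", "AU", "work-laptop"),
    ("2021-03-04T09:00:00", "bob", "password_change", "AU", "bob-desktop"),
    ("2021-03-04T09:01:00", "bob", "login_ok", "AU", "bob-desktop"),
]

def detect(events, trusted, window=timedelta(hours=24)):
    """Return (time, user, finding) tuples in chronological order."""
    findings = []
    suspect_change = {}  # user -> time of a password change from an untrusted origin
    locked = set()       # users already reported as possibly locked out
    for ts, user, event, country, device in sorted(events):
        when = datetime.fromisoformat(ts)
        is_trusted = (country, device) in trusted.get(user, set())
        if event == "login_ok" and not is_trusted:
            findings.append((ts, user, "unfamiliar_login"))
        elif event == "password_change" and not is_trusted:
            suspect_change[user] = when
            findings.append((ts, user, "password_change_from_unfamiliar_origin"))
        elif event == "login_fail" and is_trusted and user not in locked:
            changed = suspect_change.get(user)
            # Trusted device failing shortly after a suspicious password change.
            if changed is not None and when - changed <= window:
                locked.add(user)
                findings.append((ts, user, "possible_lockout"))
    return findings

if __name__ == "__main__":
    for finding in detect(EVENTS, TRUSTED):
        print(finding)
```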
4. Suspicious administrative user behaviour
If an unauthorised user gains access to administrator accounts, they essentially get unfettered control over everything in your system. They can elevate their access privileges, view highly classified information, and adjust security settings, leaving you vulnerable to attacks.
The only way to spot whether someone is abusing administrative privileges is to view all users with a healthy degree of suspicion. Keep an eye on who’s accessing sensitive information, making high-volume transactions, or changing permissions. If you have reason to believe that privileged user accounts are compromised, it’s important to reconfigure access restrictions across the board. With Microsoft Azure Security Center, you can ensure every user has the minimum level of access necessary for their jobs so they don’t misuse sensitive data.
5. Sluggish performance
Malware serves as a backdoor through which hackers can access your network and steal your data. Once the malware is fully installed and ready for use, it typically ‘phones home’ to establish contact with cybercriminals. Carrying out this and other actions consumes computing resources in the background. This means that if devices run slower than usual, there could be malware embedded in your system. Similarly, malware may be present if your device seems to overheat and go through its battery cycle much faster than usual.
To check if there are programs running in the background using up processing power, go to Activity Monitor or Task Manager. Then, run a full system scan with anti-malware software to look for signs of infection and remove the malware. Finally, update your security software to reduce the chances of data-stealing malware taking root in your systems again.
6. Abnormal device activity
Besides sluggish performance, data breaches may be in progress when your devices are executing actions that you didn’t initiate. These actions can include pop-up messages, fake antivirus alerts, unknown apps installed on the device, and browser tabs automatically opening suspicious sites. Your devices may even open applications randomly or reboot without any prompting.
If you suspect a device has been compromised, your first priority should be to isolate the device from the company network. This primarily involves blocking the device from accessing sensitive files by setting specific DLP policies. Employees should also avoid using the potentially compromised device until security experts have mitigated the threat.
While protecting data from unauthorised access is an incredibly important task, it can also be rather complicated. That’s why you need support from Empower IT. As Australia’s leading managed IT services provider, we can help you implement a well-rounded data security framework. From setting up DLP policies to proactively monitoring your systems, we’ll make sure your data is being accessed by the right people. Call us today to get started.