Protect your business online

Detect spam, malware and virus attacks


Spam, viruses and other malware can have a damaging effect on your business. It is important to understand how to detect an attack and recover your systems following the incident.

Recently, there has been an increase in malicious cyber activity - including ransomware - relating to COVID-19. You should take steps to protect yourself and your business against these threats.

Check NCSC weekly threat reports and the advisory on cyber exploitation of the coronavirus pandemic.

How to detect spam

Spam is unsolicited communication that now makes up the majority of email traffic. Your internet service provider should offer you spam filtering as a default feature of your dedicated email service.

Spam filters detect unwanted emails based on suspicious word patterns and other clues, and divert them to a separate folder or mailbox after classifying them as spam. You can buy separate spam filters or programs to reduce the spam you receive and securely manage your inbox. See also how to protect your business against phishing.

How to detect a virus or malware

Common signs of virus or malware infection include:

  • system slowing down
  • unexpected activity on your machine or pop-up messages
  • email server becoming overloaded or intermittent
  • data files becoming corrupt or going missing
  • unexpected changes in the content of your files

If you notice these signs and suspect a problem, use your security software to diagnose the issue. Your software provider may be able to offer you advice. See more on cyber security breach detection.

Virus or malware recovery

If a virus has infected your system, follow these five basic recovery steps:

1. Tell everyone who needs to know - if the virus is spread through email, tell everyone with an email account on the infected system as quickly as possible. If there is a specific file attachment that contains the malicious virus program, name it.

2. Quarantine infected machines - as soon as possible, disconnect infected computers from any internal or external networks. Do not reconnect until after you remove the virus.

3. Organise a clean-up operation - use your anti-virus software to scan all computers and files to check if the virus has spread. If you can't remove the virus or malware, you may need to restore your computer files from a recent backup. In extreme cases, it may be more practical to wipe the infected computer, reinstall the operating systems and restore your files from a recent, clean backup. If necessary, contact your software supplier for specific advice.

4. Make sure there are no re-infections - carry out emergency security measures and inform the users that clean-up is underway. Ensure that additional patches are in place to prevent re-infection.

5. Manage outgoing email traffic during the crisis - use whatever facilities you have to prevent the transfer of the virus via email. Consider closing down the outgoing mail service.

See how to recover an infected device.

Cyber attacks are almost inevitable, so the speed at which you react to an incident is critical. A cyber security incident response plan will help your business respond to security incidents quickly and efficiently.

To help you prepare for and plan your response to a cyber incident, see also the NCSC's small business guide to response and recovery.

You can also test and practise your response to a cyber attack with the help of the NCSC's Exercise in a Box online training tool.