Protect your business online
Detect spam, malware and virus attacks
Spam, viruses and other malware can have a damaging effect on your business. It is important to understand how to detect an attack and recover your systems following the incident. It is also important to keep an eye on the latest cyber threat alerts or subscribe to the Early Warning Service from the National Cyber Security Centre (NCSC) to learn of potential cyber attacks on your business network.
How to detect spam
Spam is unsolicited communication that now makes up the majority of email traffic. Your internet service provider should offer you spam filtering as a default feature of your dedicated email service.
Spam filters detect unwanted emails based on suspicious word patterns and other clues, and divert them to a separate folder or mailbox after classifying them as spam. You can buy separate spam filters or programs to reduce the spam you receive and securely manage your inbox. See how to protect your business against phishing.
How to detect a virus or malware
Common signs of virus or malware infection include:
- system slowing down
- unexpected activity on your machine or pop-up messages
- email server becoming overloaded or intermittent
- data files becoming corrupt or going missing
- unexpected changes in the content of your files
If you notice these signs and suspect a problem, use your security software to diagnose the issue. Your software provider may be able to offer you advice. Read more about cyber security breach detection.
Virus or malware recovery
If a virus has infected your system, follow these five basic recovery steps:
1. Tell everyone who needs to know
If the virus is spread through email, tell everyone with an email account on the infected system as quickly as possible. If there is a specific file attachment that contains the malicious virus program, name it.
2. Quarantine infected machines
As soon as possible, disconnect infected computers from any internal or external networks. Do not reconnect until after you remove the virus.
3. Organise a clean-up operation
Use your anti-virus software to scan all computers and files to check if the virus has spread. If you can't remove the virus or malware, you may need to restore your computer files from a recent backup. In extreme cases, it may be more practical to wipe the infected computer, reinstall the operating systems and restore your files from a recent, clean backup. If necessary, contact your software supplier for specific advice.
4. Make sure there are no re-infections
Carry out emergency security measures and inform the users that clean-up is underway. Ensure that additional patches are in place to prevent re-infection.
5. Manage outgoing email traffic during the crisis
Use whatever facilities you have to prevent the transfer of the virus via email. Consider closing down the outgoing mail service.
Read NCSC's detailed guidance on how to recover an infected device.
Cyber attacks are almost inevitable, so the speed at which you react to an incident is critical. You should plan, develop and test a cyber security incident response plan to help you deal with security incidents quickly and efficiently.
The NCSC provides a free 'Exercise in a Box' online training tool to help you test and practise your response to a cyber attack.