Protect your business online

Detect spam, malware and virus attacks


Spam, viruses and other malware can have a damaging effect on your business. It is important to understand how to detect an attack and recover your systems following the incident. It is also important to keep an eye on the latest cyber threat alerts or subscribe to the Early Warning Service from the National Cyber Security Centre (NCSC) to learn of potential cyber attacks on your business network.

How to detect spam

Spam is unsolicited communication that now makes up the majority of email traffic. Your internet service provider should offer you spam filtering as a default feature of your dedicated email service.

Spam filters detect unwanted emails based on suspicious word patterns and other clues, and divert them to a separate folder or mailbox after classifying them as spam. You can buy separate spam filters or programs to reduce the spam you receive and securely manage your inbox. See how to protect your business against phishing.

How to detect a virus or malware

Common signs of virus or malware infection include:

  • system slowing down
  • unexpected activity on your machine or pop-up messages
  • email server becoming overloaded or intermittent
  • data files becoming corrupt or going missing
  • unexpected changes in the content of your files

If you notice these signs and suspect a problem, use your security software to diagnose the issue. Your software provider may be able to offer you advice. Read more about cyber security breach detection.

Virus or malware recovery

If a virus has infected your system, follow these five basic recovery steps:

1. Tell everyone who needs to know

If the virus is spread through email, tell everyone with an email account on the infected system as quickly as possible. If there is a specific file attachment that contains the malicious virus program, name it.

2. Quarantine infected machines

As soon as possible, disconnect infected computers from any internal or external networks. Do not reconnect until after you remove the virus.

3. Organise a clean-up operation

Use your anti-virus software to scan all computers and files to check if the virus has spread. If you can't remove the virus or malware, you may need to restore your computer files from a recent backup. In extreme cases, it may be more practical to wipe the infected computer, reinstall the operating systems and restore your files from a recent, clean backup. If necessary, contact your software supplier for specific advice.

4. Make sure there are no re-infections

Carry out emergency security measures and inform the users that clean-up is underway. Ensure that additional patches are in place to prevent re-infection.

5. Manage outgoing email traffic during the crisis

Use whatever facilities you have to prevent the transfer of the virus via email. Consider closing down the outgoing mail service.

Read NCSC's detailed guidance on how to recover an infected device.

Cyber attacks are almost inevitable, so the speed at which you react to an incident is critical. You should plan, develop and test a cyber security incident response plan to help you deal with security incidents quickly and efficiently.

The NCSC provides a free 'Exercise in a Box' online training tool to help you test and practise your response to a cyber attack.

You can also use the NCSC's free Check your cyber security service to perform a range of simple online checks to identify common vulnerabilities in your public-facing IT.