1. Customers report that Google and security solutions categorize your website as suspicious or malicious
A domain or an IP address gets a low reputation and is eventually blacklisted if it sends spam or hosts malicious software or malicious web content. Almost all browsers these days have domain and IP reputation built in, and the reputation data is shared among vendors.
This means that if your domain is on a URL blacklist, all users of these browsers (IE, Chrome, Firefox, Opera, Safari) will be warned about or even stopped from visiting your website.
Check whether the website in question was hacked or hosts suspicious pages. Remember that the malicious content does not necessarily have to be visible on, or linked from, the main website.
It can be that some spam campaign is referencing it and this is why your asset gets flagged.
Assuming it is not a false positive, you must contact your ISP or web hoster and clarify the situation. They usually know how to restore the reputation of the domain. Remember, though, that it might take quite a while until all services have removed your domain from their blacklists.
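One way to find pages that are hosted on your server but are not part of your site is to compare the live web root with a hash manifest recorded right after a clean deployment. The following is an added example, not part of the original article; the file names and the tampering in demo() are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def audit(known_good, root):
    """Compare the live web root against a manifest from a clean deployment."""
    live = build_manifest(root)
    return {
        # files nobody on your side deployed
        "foreign": sorted(set(live) - set(known_good)),
        # files whose content changed since the clean deployment
        "modified": sorted(p for p in live
                           if p in known_good and live[p] != known_good[p]),
        # files that were deployed but have disappeared
        "missing": sorted(set(known_good) - set(live)),
    }

def demo():
    """Constructed sample: a tiny web root, then simulated tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "img").mkdir()
        (root / "index.html").write_text("<h1>Shop</h1>")
        (root / "contact.html").write_text("<p>Contact</p>")
        (root / "img" / "logo.svg").write_text("<svg/>")
        manifest = build_manifest(root)  # recorded right after deployment
        # Simulated changes: an unlinked page in a deep folder, an edited
        # page and a deleted page.
        (root / "img" / "cache").mkdir()
        (root / "img" / "cache" / "offer.html").write_text("<p>not ours</p>")
        (root / "index.html").write_text("<h1>Shop</h1><!-- changed -->")
        (root / "contact.html").unlink()
        return audit(manifest, root)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Keep the manifest somewhere the web server cannot write to, otherwise whoever changed the files can change the manifest as well.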
2. Customers report that your emails are marked as spam, that they receive unsolicited emails from you, or that they never receive your emails
Antispam services use the reputation of a domain and email address to detect if it sent spam at some point. If the reputation is low, then there is a danger that the emails sent from that domain/email address will be marked as spam. Depending on the configuration of the filter, the emails might be marked as spam, delayed, moved to the spam folder or not delivered at all.
The best way to prevent something like this from happening to your email address and domain is to regularly monitor who accessed your account and to keep a close eye on the Sent items to see if something was sent without your approval.
It is also important to enable two-factor authentication in order to prevent unauthorized access to your account.
3. Computers in the company are running very slow
If computers are suddenly running very slowly, it might be because they have malicious software installed.
These computers are usually called bots (remotely controlled computers) and are part of a botnet (bot network).
You should check that all computers are running antivirus software, and disconnect from the network and clean those with reported infections.
Most of the time the bots are downloading additional malicious software, which increases the load on the computers and network even more.
The bots are no longer running what the user of the computer wants; they run the software that the bot master decides on.
Sometimes the bots are badly programmed and they create an increased CPU load on the computer, produce crashes or use up the entire RAM.
This is why it is always a good idea to run antivirus software constantly and to use specialized programs to clean up the junk that other programs produce.
4. Your company network has suddenly become very slow
If internal shares or websites are suddenly very slow, it might be because several computers have malicious software installed and are downloading additional malware.
The same advice as above applies: run antivirus software and keep an eye on where the traffic goes.
5. Your website gets more traffic than usual
If this happens without a reason, this is usually a sign of hosting malicious websites that get referenced in spam emails.
This is actually a distributed denial of service. The best thing to do is to perform an audit on the server(s) that host the website and look for signs of hacking or foreign files.
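As a starting point for such an audit, the web server's access log can show which pages draw visitors who did not come from your own site. The following is an added example, not part of the original article: it assumes the Combined Log Format, and the host name shop.example, the list of known pages and the log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined Log Format: ip - user [time] "METHOD path PROTO" status size "referer" ...
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)"'
)

def suspicious_paths(lines, site_host, known_paths, min_clients=3):
    """Paths served successfully that are not published pages and are reached
    by several clients without a referrer from our own site."""
    clients = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m or not m["status"].startswith("2"):
            continue  # unparsable line, or the server did not serve content
        path = urlsplit(m["path"]).path  # ignore the query string
        if path in known_paths:
            continue
        if urlsplit(m["ref"]).hostname == site_host:
            continue  # visitor followed a link on our own site
        clients[path].add(m["ip"])
    hits = {p: len(c) for p, c in clients.items() if len(c) >= min_clients}
    return sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))

# Constructed sample: pages we published and a few log lines.
KNOWN = {"/index.html", "/contact.html"}
T = "[10/Mar/2024:10:00:00 +0000]"
SAMPLE = [
    f'192.0.2.10 - - {T} "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    f'192.0.2.10 - - {T} "GET /img/logo.svg HTTP/1.1" 200 120 '
    f'"https://shop.example/index.html" "Mozilla/5.0"',
    f'198.51.100.1 - - {T} "GET /img/cache/offer.html?id=1 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    f'198.51.100.2 - - {T} "GET /img/cache/offer.html?id=2 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    f'203.0.113.5 - - {T} "GET /img/cache/offer.html?id=3 HTTP/1.1" 200 900 '
    f'"http://mail.example/inbox" "Mozilla/5.0"',
    f'203.0.113.6 - - {T} "GET /admin.php HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for path, n in suspicious_paths(SAMPLE, "shop.example", KNOWN):
        print(f"{path}: {n} distinct clients, none referred by the site")
```

A missing or off-site referrer is only a heuristic, so treat every path this reports as a lead to check on disk, not as proof of compromise.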
6. You can’t remember the last time you updated the software on the company’s computers
These days most threats come by exploiting vulnerabilities in common software like Adobe Reader, Flash, browsers and so on.
Not patching these is like leaving the windows to your home wide open.
7. Employees are working remotely and need to access the corporate network
If you have employees that travel or work remotely and they need a VPN connection to the office, then you must make sure that the access credentials don’t get misused.
Use two-factor authentication for accessing the VPN and make sure that there are password policies in place. Encrypting the laptops and the devices that access the network is also a good idea.
Use a solution that implements Network Access Protection / Network Access Control (NAP / NAC) so that you can enforce a certain security level on those devices.
8. Your workstations hold company critical data
If your employees’ workstations store critical data then you should immediately take measures to move that data from there.
If you can’t, then make sure that the workstations are secured and backed up, and that the employees are instructed on how to work with the delicate data.
9. Your company deals with credit cards, health care data or personally identifiable information (PII)
Financial and health care information is strictly regulated, so you must make sure that you employ knowledgeable people and secure all your physical and virtual premises.
You must implement certain security standards and respect the country-specific regulations.
10. You use cloud services to store and manipulate company critical data
These days it is sometimes cheaper to rent online space than to maintain your own servers. However, only a few know that once you upload or store data in the cloud, you are no longer the only one who owns that data.
The cloud service provider owns the physical hardware where your data is stored. This is why it is critical to store any confidential data encrypted.
Is your business in one of these situations?
If you think you are, and you need help to assess the situation and fix the issues, I can help!
Just let me know – I am available for hire as an independent consultant.
All these and many more topics are in the free eBook "Improve your security" available here: www.improve-your-security.org.