Detect spam, malware and virus attacks
How to detect virus, malware or spam attacks, and what to do if your business has been affected.
Spam, viruses and other malware can seriously disrupt your business. The sooner you spot an attack, the faster you can limit the damage and recover your systems.
How to detect spam
Spam is unwanted email. It makes up a large share of email traffic, and many providers now filter it automatically.
Spam filters can:
- block suspicious messages before they reach inboxes
- move likely spam into a separate folder or mailbox
- reduce the risk of staff clicking on a malicious link or attachment
To securely manage your inbox, use good spam filtering and follow phishing advice to reduce risk.
How to detect a virus or malware
Common signs of a virus or malware infection include:
- system slowing down
- unexpected activity on your machine or pop-up messages
- email server becoming overloaded or unreliable
- data files becoming corrupt, going missing or changing
- strange messages being sent from your accounts
If you notice these signs, use your security software to investigate the issue. Your software provider may also be able to help. Read more about cyber security breach detection.
How to recover from a virus or malware
If a virus or malware infection has affected your business, follow these five steps:
1. Tell everyone who needs to know
If the virus is spread through email, tell everyone with an email account on the infected system as quickly as possible. If a specific file attachment contains the malicious program, name it.
2. Disconnect affected devices
As soon as possible, disconnect infected computers from any internal or external networks to stop malware spreading further. Do not reconnect until after you remove the threats.
3. Clean the system
Run anti-virus or anti-malware scans across affected devices to detect and remove infections. If scans fail to remove the threat, restore files from a recent clean backup. In some cases, you may need to wipe the infected device completely, reinstall the operating system, and recover data from confirmed pre-infection backups. If necessary, contact your software supplier for specific advice.
4. Prevent re-infections
Carry out emergency security measures and inform users that clean-up is underway. Apply all available patches and updates to fix known security gaps and close vulnerabilities that could allow re-infection. Change all passwords, including for unused accounts, as malware may have stolen credentials. Enable firewalls and real-time protection tools, and scan removable media like USB drives before use.
5. Control email traffic during the crisis
Use whatever facilities you have to prevent the virus spreading further. Scan inbound and outbound traffic for malware, and disable auto-forwarding or previews. Consider temporarily pausing outgoing email until systems are clean, and direct staff to use secure alternatives like phone or encrypted chat for urgent needs.
Prepare your business for a cyber attack
Cyber attacks are almost inevitable, so the speed at which you react to an incident is critical. Find tips to help you plan, develop and test a cyber security incident response plan.
You can also read the National Cyber Security Centre’s (NCSC) guidance on recovering an infected device and use their tools to strengthen your defences:
- 'Exercise in a Box' online training tool to practise your response
- 'Check your cyber security' service to find common weaknesses in your system
Finally, stay informed via NCSC's cyber threat alerts or subscribe to their Early Warning Service for updates on potential cyber attacks that could affect your business network.