Recognising early warning signs and acting quickly can reduce the impact of an attack.

Many security incidents begin with subtle changes in normal activity.

Examples may include:

• Accounts becoming inaccessible.
• Passwords changing unexpectedly.
• Emails sent from your account without your knowledge.
• Systems becoming unusually slow or unstable.
• Unknown software appearing.
• Login alerts from unfamiliar locations.

If you suspect a device has been compromised:

• Disconnect it from Wi-Fi or the network.
• Avoid logging into additional accounts from that device.
• Do not install unknown tools or follow instructions from unsolicited callers.
• Make notes of what you observed and when it happened. 

Reducing connectivity helps prevent further unauthorised activity.

Prioritise accounts linked to sensitive data or financial access.

Examples include:

• Email accounts.
• Banking and payment services.
• Cloud storage.
• Business administration portals.

Where possible:

• Change passwords from a separate trusted device.
• Enable multi-factor authentication.
• Review login activity.

A compromised system may show signs that files or data have been altered or encrypted. 

Watch for:

• Missing or renamed documents.
• Files that can no longer be opened.
• Unexpected system warnings.
• Ransom messages.
• New user accounts created without authorisation.

Cyber incidents often target financial processes.

Check for:

• Payment details being changed.
• Invoices redirected to new bank accounts.
• Unexpected transactions.
• Supplier emails requesting urgent payment updates.

If financial systems may be affected, contact the relevant provider directly.

Once the situation is stabilised:

• Update operating systems and software.
• Ensure security tools are active and current.
•  Review password security across all accounts.
• Confirm backups are functioning correctly.

Ongoing monitoring can help identify further suspicious activity.