What are 7 warning signs that my computer has been hacked?

Ralph Estep Jr.
00:00:00

Have you ever woken up to find your computer screen locked with a message demanding thousands in Bitcoin? Well, that's exactly what happened to Katherine, a small business owner I worked with last year. Her entire life's work gone in an instant.

So stay with me today as I reveal how this cyber nightmare nearly destroyed her business and more importantly, how you can protect yourself from becoming the next victim. What are the 7 warning signs that your computer has been hacked? I'm going to answer that today.

Podcast Announcer
00:00:32

Welcome to the Ask Ralph podcast where listening to an experienced financial professional with over 30 years of experience can help you make sense of confusing questions, current headlines and industry trends about taxes, small business, financial decision making, investment strategies, and even the art of proper budgeting. Ask Ralph makes the complex simple by sharing his real world knowledge from a Christian perspective with all things financial.

Now here's your Host, Ralph Estep Jr.

Ralph Estep Jr.
00:01:02

Thank you for joining me today. I am truly blessed to have you here as we tackle another crucial topic. Listen, this topic affects both our financial well-being and our faith walk. If you missed yesterday's show, we had an enlightening discussion about choosing between credit unions and traditional banks. Spoiler alert: I prefer credit unions. But we uncovered some eye-opening truths about how your banking choices can align with your Christian values and stewardship principles. If you missed it, I encourage you to go check it out.

Let me share this heartbreaking message from Michael. Michael comes to us from Atlanta. This is what he wrote: "Ralph, I'm writing this email at 2:00 AM, my hand shaking as I type. Last Saturday, our church lost everything—years of ministry records, financial documents, and our entire congregation database—all because of a cyberattack. Our pastor was in tears, and I can't get that image out of my mind. What terrifies me more is that I run a small Christian counseling practice, storing sensitive information about hundreds of families who've trusted me with their deepest struggles. Every night, I lie awake, wondering if I'm next. Just yesterday, my computer started acting strange, and my heart nearly stopped. My wife says I'm becoming paranoid, but after seeing what happened to our church, I can't help but think about the devastating impact a cyberattack would have—not just on my business, but on the vulnerable people who put their trust in me. Ralph, I need your guidance. How can I protect myself and my business? What signs should I watch out for? I feel like I'm carrying the weight of not just my family's financial security but the privacy and trust of every client God has brought into my practice."

Michael, that's a great question and a great one to tackle on what I typically call Technology Tuesday. It is a struggle to protect your business in this digital age. And yes, you're absolutely right: people have placed their trust in you, just like they place their trust in me. We have to be hypervigilant. We don't want to let them down. Just like our finances, our digital security requires both wisdom and vigilance.

You know, my God always liked to ground ourselves at the beginning of our discussion in God's word. I found a scripture that calls into this idea of vigilance in all aspects of our lives. It talks about guarding our hearts and guarding our digital assets, which is a reality in our world. It comes to us from the book of Proverbs 4:23. This is what it says. Probably a lot of people knew this one: Above all else, guard your heart. For everything you do flows from it.
Think about that for a second. In today's digital age, this wisdom extends to protecting our digital lives as well.

You know, Michael, your question provoked me to do some research, and I found some sobering statistics. It reminded me why your concerns are so valid. Small businesses like yours lose an average of $200,000 per ransomware incident. Sixty percent end up closing their doors within six months of an attack—it’s that devastating.
Last year, cybercrime cost Christian organizations and churches $180 million, with the average data breach costing small ministries $120,000. I don't know about your church, but our church couldn't handle an attack like that. Seventy-one percent of ransomware attacks target small businesses like yours, Michael, because cybercriminals know you're less likely to have robust protection.

You said you do counseling. Think about this—it’s devastating. Eighty-seven percent of business owners who experience a cyberattack report severe anxiety and depression in the following months. The average recovery time after a cyberattack is 287 days. That's nearly a full year trying to rebuild what was lost. Ninety-two percent of victims never fully recover all their data, even after paying the ransom.
Most shockingly, 60% of cyberattacks specifically target faith-based organizations because criminals know they have limited IT resources. See these, Michael, these aren't just numbers. They represent real people, real ministries, and real families whose lives have been turned upside down.

Just like Katherine, who I'll tell you about in a moment, these are people who thought they were too small to be targeted or too careful to be caught. They figured this was something for big hospital chains or large organizations. The combination of financial devastation and broken trust can shake even the strongest faith. I don't care how rock-solid your faith is—this financial devastation and broken trust will rock you to the core.

That’s why we’ve got to approach this topic with practical wisdom and spiritual discernment. Let me tell you about Katherine, as I promised. Katherine's a dedicated Christian business owner. She ran a successful online ministry and a consulting firm, Michael—not too different from you.

One Monday morning, she arrived at her office. It was a normal day—you know how Monday mornings are. She rushed in to get set up after a good weekend. As she walked through her office, she noticed many of the computer screens were on. She didn’t think much of it, assuming updates had been pushed out.
When she got to her office and sat down at her desk, she saw something terrifying on her screen: a blue screen with white letters that read, Your files have been encrypted. Send $50,000 in Bitcoin within 48 hours or lose everything.

Catherine told me later, “Ralph, I was in a state of panic. I got up and ran out of my office. The first office I came to was my secretary's. I looked at her screen, and it had the exact same message.” Sadly, Catherine had fallen victim to ransomware.

If you don’t know what ransomware is, it’s when a hacker locks down your files so you can’t access them. They ransom your files until you pay them. This story perfectly illustrates why we need to be proactive. This is not a time to be reactive.
By the time Catherine saw the message, there wasn’t much she could do except maybe pay the ransom. But as I shared in the statistics, she might not even get her files back. So today, I’d like to share seven warning signs that your computer might be hacked so you can act before it’s too late.

So I hope you can keep me up. Keep up with me and one, take some notes here, but the first one is this. If you've got unexplained, slow performance. And after talking to Catherine, she said, Ralph, I noticed that my computer was getting sluggish weeks before the attack. But she just figured, you know, it's busy during the day.

I kind of brushed it off. And we've had these computers for a while. I figured it was just normal wear and tear. So here's the thing Catherine said to me afterward: she goes: if you know anybody who's experiencing this sluggishness or slow performance, Don't make the same mistake. I made look into this.

So that's the first one. Unexplained. So, slow performance. Now you could reboot your machine. You could look at those types of things, but if it continues to be a sluggish performance, then you need to do something about it. Number two strange pop-ups. Even with ad blockers. Katherine said she started seeing unusual advertisements. And these weren't just annoying.

They were signs of a malware infection. She learned that after the fact when she brought in an IT team to help her. So if you're seeing these strange popups, even if you've got ad blockers turned on, Do something about it. So that's number two though. Strange pop-ups. Let's look at, um, item number three. And that's the program starting automatically.

Now, some people have programs like on my Mac here at the office. I have certain things that automatically one run when I restart now, truth be told. I don't restart my Mac very often, but if you're running a PC or you're running a Mac, you all of a sudden notice new programs appearing and running without your permission. It's usually a pretty good sign that there is a problem. And here's the thing. She found out that certain software would just open on its own issue.

Again, she kind of put it to the side. She goes, well, maybe it was running an update or something like that. So, number three, if you're seeing the program starting automatically. That is a sure sign that you've got a problem. Number four. Unauthorized password changes. And after the fact, Catherine said, you know, my staff started reporting log-in problems weeks before the attack. They would come to her and say, Catherine, I don't understand.

I usually use this password. And unfortunately, it's a bad password policy. And we'll talk a little about that later. But that was a sure sign that someone was already in their system. Somebody had already entered their garden. And they were planting all these terrible bugs all around their system. So, if you're getting reports, even yourself, of unauthorized password changes, it's time to take a look.

Number five, missing files or changes to files. And Catherine said again, Ralph, after the fact, I remember that I was having issues with documents. She said I'd be working on a Word document, and all of a sudden, it would disappear. And then, when I opened it back up, everything seemed like it was an order, but something just didn't seem right.

And she said others in our organization were talking about, you know, they would share files, and all of a sudden, these documents would disappear, but then magically, they come back if you've got a situation where documents are disappearing or being modified if they're making weird changes to the formats or something like that. That's something you don't want to ignore.

So number four, or excuse me, number five. If you've got those missing files or changes to files, look into it. Number six, if you've got unusual network traffic. Now, this one you might not see; it might not be as obvious, but Catherine said in her particular organization, everybody around the water cooler at lunch was complaining about how slow things were on the network. And he just figured, well, you know, it's internet, traffic. Maybe there are a lot of updates going on, but if you see unusually slow work on your network or even on your computer, it seems to just be taking forever to do stuff. Uh, report that. Take advantage, you know, look into that.

Cause that could be a sure sign of trouble. Number seven. This one is the big telltale sign. And that is disabled security programs. If you've got antivirus programs that stop working or can't be updated most of the time, you're going to find that it's because they've been infected with malware or somebody disabled them.

So those are the seven things that get me. Let me go over those again. Number one, unexplained, slow performance. Number two, those strange popups; number three, the program starts automatically. Number four, those unauthorized password changes. Number five is those missing files or changes to files. Number six, they reported unusual network traffic, and number seven, disabled security programs. And, you know, Katherine, Sarah shared with me, she said, Ralph, looking back after the attack, I missed all of these critical signs. And listen, I'm going to share some great prevention tips, but first, let me ask you this. Has today's topic made you think about your own computer security? Do you know, others who could benefit from this vital information?

Well, I want to ask you for a huge favor. I want you to incur. I want to encourage you to share the show today, and there are some easy ways to do it. Here's a couple of things you can do. You could send a text, just text them, like askralph.com. Pick three of your friends who are looking to improve their finances, or maybe have those computer issues and just text them the link. Askralph.com and say, hey, here's something you should check out.

Nothing you could do is share today's website or today's episode in your church's WhatsApp group. Or if you've got a group of people that you work with, maybe a Facebook group or a friend group, send it to them and say, hey, Ralph, this guy rafted the show today about my computer getting hacked, and you really might want to look into it.

Maybe you're on LinkedIn. You could post this to your professional network. Maybe say something along the lines of like, Just some game-changing financial wisdom. But he also masters that with biblical principles. So again, send them to askralph.com. Maybe you can forward this to your family group chat.

Hey, tell him how this show has helped you. Maybe overcome your financial issues. Restore your credit or something like that. Fix your computer. And say, I thought about you. And one last thing you could do for me is to share this on Facebook with a quick testimony of how the show impacted you. If you really want to help me out, share it with your financial advisor or church leader, and mention it in your next Bible study group. Add the link to the Ask Ralph, showing your email signature, and save episodes to share at your next family gathering. Because here's the thing.

It's why I'm asking for your help today. Every share helps someone discover life-changing financial wisdom rooted in faith. I think about this for a second. The person you share this with today could be debt-free tomorrow. So take action. Now, do me a favor and forward askralph.com to someone who needs this message. And as I promised, I'd share some prevention tips, so let's get right to them. Are pen and paper ready?

Number one. Practice digital stewardship. This is where you want to install it. Enterprise-grade antivirus software. Now, I want to recommend it to you; I have no affiliate link with either of those Bit Defender or Malwarebytes. This is something you've got to have enterprise-grade antivirus software on every device. As part of that setup, those automatic stands and automatic scans happen every night at 2:00 AM.

When your system is unused, you don't want to have these things going off when you're trying to work. And here's some that a lot of people don't think about. Keep digital records of all the software licenses and passwords in a secure password manager. And I recommend last passed or one password. So that's number one. Learn how to practice digital stewardship.

Get that. Antivirus software sets up automatic scans and keeps digital records of all software licenses because here's the deal. Let's say that something does happen and you've got to re-install software. You don't want to be scrambling around looking for those license keys. Number two thing. Regular backups.

I'm going to, I'm going to give you what I call the three, two, one rule. Here's what I want you to do. Number. This is going to sound kind of funny, but keep three copies of your data. That's where I came up with the three. Store them in two different types of media, like a cloud or maybe an external drive.

So if you've got a, uh, outside company, like for example, one of these, uh, online, uh, backup companies, I can't think of a name. It escapes me right at this moment. But also put it in there and then put it on an external drive. You can buy these huge external drives that you can connect to your computer or connect to your computer. A Carbonite was the one I was thinking about.

Sorry about that. So, connect it to carbonate. If that's what, again, I have no affiliate link to them. They're just a company that I work with personally. So, send it to the cloud. Well then, if you also have a local backup, maybe on an external drive, maybe get a habit of buying two of those; that's what I do here in my office.

I've got two external drives that just plug right in. And then keep one copy offsite. So that's a 3, 2, 1 rule: three copies of your data should be stored in two different places, and keep one copy offsite. Like I'll give you an example. One of my clients. It backs up to their local server, an external hard drive, and he puts it in their fire safe, and then they have that cloud storage through Carbonite business.

There we go. That's what I was thinking of. So that's what they do. So that's number two. Create those regular backups using that 3, 2, 1 rule. Let's look at number three. I can't stress this one enough. If you've listened to my show throughout a year, you know, I say this all the time, have strong passwords. These aren't passwords 1, 2, 3, or 4; use a minimum of 16 characters.

Yes. You heard me right. 16 characters. You can be creative in this by using number symbols, mixed case letters, and uppercase lowercase. Now you'll notice a lot of websites and all that are making you do this. They'll say to you, Hey, you need to create a new password. Now, give you examples of what it has to be.

Maybe you create a memorable fee freeze, and here's something. Listen, I use the last pass as an example. Never use the same password twice because if somebody guesses your password for site A or site B, and then all of a sudden, they go, well, let me try it on this one. You're going to have a big problem.

And another thing I'm going to highly recommend, and I know it's frustrating. That is to change your passwords every 90 days and use that multi-factor authentication. So number three, strong passwords, as I said, the minimum of 16 characters, mixed number symbols, mixed case letters. And make sure you're changing those things every 90 days.

So that's where using a password manager would probably be a great idea. Let's talk about number four. And that is to update everything. I don't know how many times I've gone to client sites or a client to come in with their laptop. And they don't even update their software, set it up to automatically update.

I don't care if you're a Windows if you're on Mac, whatever it is, a date, your software, because the software companies when they learn about these vulnerabilities, They go into protection mode and prevention mode. And they create. Updates to their software to prevent this. You know, maybe you want to schedule a monthly software update for every first Sunday of each month to say, look on Sunday.

I don't have a lot going on after church. I'm going to set it up to a monthly; go in and look at my software updates. Another thing a lot of people don't think about. And that is to keep your router, your internet, router, and firmware updated as well. How many times have you even looked at it? When was the last time you rebooted it?

When was the last time you looked at it? So, put that into that routine as well. Then, update your mobile devices as well. So, if you've got an iPhone or an Android phone or some tablet that you're using, keep them up to date. So that's number four, update everything. Let's move on to number five. That is employee training, and here's where you have to make it personal. Maybe you can do a 15-minute cyber security meeting once a month and share examples from your particular industry of where people have been hacked or where there have been problems.

Because what you're going to find is a lot of people will give you information. You might not even know about it, like maybe there's that phishing attack. That's P H I S H. Maybe your staff's getting these emails, but they're not even telling you about it. So that's what I'm saying is to have those security meetings share some examples and then work to create a response plan so that if there is a breach, everybody knows what to do and test your team, send out some simulated phishing emails. And here's why things that I think are sort of an out-of-the-box idea: I found this when I was doing some research for the show. His reward is those staff members who spot and report suspicious activities. Give them an incentive to look for those things and make them become hypervigilant.

So that's number five and that's employee training again, make it personal. Number six network security. Now, a lot of people just rely on the PC or the Mac on their desk but use business-grade firewalls for the outside. So if you've got that, everybody has internet now, right? So use those business-grade firewalls like Sonic Wall or Fortinet. Another thing I'm going to recommend you do is, And I don't see this all the time. Keep your network segmented; you know, have a guest Wi-Fi. That is separate from your business network. Now, we happen to be in our office, we use Verizon fires. And as part of that router setup or that modem configuration, it actually creates two separate networks. So, I don't share my private network with people from outside. Nothing you want to do is encrypt all your sensitive data. Last but not least, and I've done some shows about this, use a VPN when you're working remotely because here's the thing.

A lot of people don't know. You could be working in a hotel or an airport or a coffee shop or something like that. And you could get infected by something. And then all of a sudden, you bring that and plug it back into your network, and it's gotten infected on everything. Someone recommend two of them here. That's a Nord VPN business or express VPN.

Both of those are very good software. Again, I have no affiliate connection. So look into those. Number seven is email protection. This is what a lot of people don't think about either: enable that two-factor authentication for email. Are they? Wow. What are you talking about? Yes, you can set up two-factor authentication for your email. Another thing I'm going to recommend you do is use email encryption.

If you're sending anything sensitive, email is not a great place to send sensitive information. For example, in our practice, I don't want clients to send me documents that have social security numbers or addresses or names or dates of birth through email; it is just not a good thing. We have a private portal system.

We use a product called smart vault, where they can upload those things in a secure environment. And here's another thing. Say this to all your staff members: never, ever, never open attachments without scanning the attachment with some kind of antivirus or anti-malware software. And listen, if you don't know who this is coming from, don't open it at all.

I bet you it's three. Three or four times a week. Our email system catches these things. And here's nothing you can do if you, if you're, if you're uncertain at all, verify the unusual request with a phone call; it just takes a minute, make a phone call and say, Hey Joe, did you just send me this document?

Oh yeah, Ralph, I sent you this document. So-and-so. I didn't have time to upload. Okay. Then you know where it's coming from. Another thing you want to do is number eight. And this last on my list is what I call financial safeguards. Now, this isn't necessarily about computer hacking. But if you are in a business where you do bank trains, first, one of the things I'm going to highly recommend you do is set up and do authorization for all bank transfers over a certain amount.

I'm picking a thousand dollars today. You separate computers for banking and general work. Now, a lot of people won't do that, but if you're going to be doing a lot of work at the bank, maybe you should have that computer separate from your general work and monitor your accounts. Daily, keep an eye on what's going on. And here's one thing.

It is all people should have. You know, we talk all the time about that emergency fund. If you're a business owner, if you have a small business, and even if you're a personal thing, I think it's fair to do this, keeping a separate emergency fund specifically for cyber incidents. Now, I'm going to share nothing about two years ago in my accounting practice. I started actually buying cyber security insurance because I saw that on the horizon, this was going to be a huge issue, and it would just take one attack to think about that. The average is 287 days to fix it. But can you imagine? The breach in trust, as you said, Michael, with your clients who they're sharing personal information.

So consider that cyber insurance policy at all as well. Remember. Just as we tied our first fruits. We should invest in protecting our digital assets. We got to do that. You got to do it. First prevention is the key. It can't be this afterthought. These aren't just technical tips. They're modern applications. Uh, biblical wisdom and protection and stewardship.

And it's so important. Now, tomorrow, I'm going to change a topic altogether. I've been expressing why people obsess over that 800-point credit score. And why a different score might be just as good as others. And that's when you don't want them as so many of my clients. I get hung up, and I get, I get listener texts and emails about Ralph.

I got to get my credit score up to 800. It doesn't necessarily have to be 800. So it P tune in tomorrow. Check that out. Remember. My passion is to help you achieve financial success. That's why I do the show. This is why I'm so passionate about what I do. I want to see you live out your dreams. And I want to see you grow in your faith.

And I know together working together. We can master your finances from that Christian perspective. So, as I always say, stay financially savvy again; I'm going to ask if you share the show with somebody. And God bless you.

Podcast Announcer
00:25:05

Thank you for joining us on the Ask Ralph podcast, and with a simple click to subscribe, we'll invite you back to our next episode. And remember, financial issues don't have to be complicated, just Ask Ralph.

The information contained in this episode of Ask Ralph is based on data available as of the date of its release.

Saggio Accounting plus and Ask Ralph Media, Inc. Is under no obligation to update this content if changes occur.

Applying this information to your specific situation requires careful consideration of all facts and circumstances, and any information provided is not to be considered as financial, tax or legal advice. Please consult your tax advisor or attorney before acting on any material covered.