What To Do When Your Business Email Gets Hacked

Disclosure: Our content is reader-supported, which means we earn commissions from links on Crazy Egg. Commissions do not affect our editorial evaluations or opinions.

The email account you use for your business is one of the most valuable digital assets you control. It is the hub of most of your online accounts, likely your main method of communication and one of the pillars of your online presence.

Due to the efforts of cybercriminals and other hackers online, it is all too easy to fall into a trap or scam and lose your business email. Should this happen, your online accounts will be compromised, and you won’t be able to maintain the integrity of any confidential information or accounts associated with the address.

It is possible to maintain control over your other accounts with swift action. Yet your hacked email address will also likely be the starting point for emails such as the one below, threatening and annoying your contacts (and embarrassing you and your business in the process).

[Image: hacked email account]

This is unacceptable, and it is also likely that your email address will spread malware and phishing schemes to your contacts. Seeing an email from your trusted email address, many of your associates might be more likely to fall for a well-laid scheme. Rightly or wrongly, many will blame you for their troubles, which makes it all the more important to respond correctly to an attack.

Once you know that your business email has been hacked, you will need to take the following steps in this order:

Check and Lock Down Your Accounts

If you are fortunate enough to notice the breach early on, go to all of your other accounts and information linked with the email address and cut off access via that address, whether by changing the password or by changing another setting on the account. Do whatever will break the link so that cybercriminal activities are limited to sending out malicious emails. Heaven forbid hackers get to your business's bank accounts.

Start by notifying banks and other financial institutions (or at least changing the verification info). Continue on to social media accounts, and make sure that no one has been tampering with settings and information on any of those accounts. Follow up with all other linked accounts you can think of, as there is often more information that can be used against your business than you realize.

After checking all of your accounts and taking immediate measures, make sure that you are using the best verification measures that you can to secure your accounts. Use strong security questions, two-step verification, etc. Try to think about it as putting a deadbolt on your other accounts.

Notify Necessary Parties

If your email address gets hacked, one of your first responsibilities is to contact everyone that your account could send an email to. At the very least, you need to do this with your business associates who might have sensitive information and you know you can contact. You cannot let your breach affect others.

If the email address is linked to a subscriber list or otherwise works as a front for the public face of your company, try to make a quick post on your website explaining the situation and apologizing. You may also wish to make a post on social media accounts and whatever other methods you can think of. It is not the best way to save face, but it does show that you are taking charge of the situation.

Prepare to Contact IT or Customer Service

It might be possible for you to get your email back by simply hitting the “forgot password” link when you want to sign in to your account. If that is the case, congratulations on your good fortune. Please move on to the other steps in the article, which are still just as important.

If you are unfortunate and hackers have really gotten into the nuts and bolts of the security on your company’s server (or another non-mainstream hosting method), you will have to call your company’s IT professional. They’ll almost certainly know what to do in the situation and will be able to secure the network against further attacks. You cannot fear any repercussions or judgement, because they’ll be the one sending out the warning against potential scams or phishing attacks coming from your address.

Otherwise, you will want to see if your email provider has a way for you to contact them in order to settle matters. They often have a common interest with you in preventing the spread of spam and malware over their channels, so they’ll be experienced and more than willing to help you. You might also be asked to fill out a more specific form asking for other account information instead of making a phone call, which you should do as soon as you can.

Clean Up Your System and Email Account

Once you get ahold of your email again, you should try to seek and flush out the reason you lost your business email address in the first place. This could very well mean you have malware on your system which will quickly lead you into the same problem a few days after getting your account back.

You are going to need to use a strong malware scanner and possibly manually search through your computer files and programs for anything that seems out of the ordinary. If you were the victim of a phishing attack, you might have given malware permission to be on your system and remain safe from any scanners you use. In a worst-case scenario, you may even need to restore your computer or reinstall your OS.

After your computer is cleaned up and safe, you’ll want to check out the damage the hacker did with your email account. Try as best you can to remember how it was before you left (most people spend enough time on it to not have too much difficulty) and write down any changes. See if you can find any emails in the trash bin worth noting and also take note of any emails in the “sent” folder. You’ll be able to see how much spam was sent in the name of your business and who you might need to contact later.
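One way to turn the “sent” folder review into a contact list, shown as an added example that is not part of the original article: it counts who received mail from the account during the suspected compromise window. It assumes the folder can be exported in mbox format; the messages, addresses, dates and the function name are constructed for illustration.

```python
import email
from collections import Counter
from datetime import datetime, timezone
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample of a Sent folder (not real data). For a real export,
# iterate mailbox.mbox("Sent.mbox") instead of SAMPLE_SENT.
SAMPLE_SENT = [
    "Date: Mon, 03 Mar 2025 09:15:00 +0000\nTo: alice@example.com\n"
    "Subject: Q1 invoice\n\nAttached as discussed.\n",
    "Date: Tue, 04 Mar 2025 02:41:00 +0000\nTo: alice@example.com, bob@example.org\n"
    "Bcc: carol@example.net\nSubject: Urgent: view document\n\nhttp://placeholder.invalid/\n",
    "Date: Tue, 04 Mar 2025 02:43:00 +0000\nTo: Bob <BOB@example.org>\n"
    "Subject: Urgent: view document\n\nhttp://placeholder.invalid/\n",
    "Date: not a date\nTo: dave@example.com\nSubject: hello\n\n(no usable date)\n",
]

def recipients_in_window(messages, start, end):
    """Return (Counter of recipients of mail dated within [start, end],
    subjects of messages whose Date header could not be parsed)."""
    hits, undated = Counter(), []
    for msg in messages:
        try:
            sent_at = parsedate_to_datetime(msg["Date"])
        except (TypeError, ValueError):
            undated.append(msg["Subject"])  # needs a manual look
            continue
        if sent_at.tzinfo is None:          # treat naive dates as UTC
            sent_at = sent_at.replace(tzinfo=timezone.utc)
        if not (start <= sent_at <= end):
            continue
        headers = []
        for name in ("To", "Cc", "Bcc"):
            headers.extend(msg.get_all(name, []))
        # Count each address once per message, case-insensitively.
        for addr in {a.lower() for _, a in getaddresses(headers) if a}:
            hits[addr] += 1
    return hits, undated

if __name__ == "__main__":
    window = (datetime(2025, 3, 4, tzinfo=timezone.utc),
              datetime(2025, 3, 5, tzinfo=timezone.utc))
    parsed = [email.message_from_string(raw) for raw in SAMPLE_SENT]
    to_notify, undated = recipients_in_window(parsed, *window)
    for addr, n in to_notify.most_common():
        print(f"{n:3d}  {addr}")
    print("check manually:", undated)
```

Messages with an unreadable date are returned separately rather than dropped, so they can be reviewed by hand before the notification list is treated as complete.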

At the same time as all of this, take a few minutes to adjust the security settings and verification settings on your email account, if possible. Change everything, even if it hasn’t been tampered with. In bad circumstances, you might notice that the hacker added their own details (unfortunately, they’re probably untraceable) to hope to get more use out of the account later. Clean it all up and breathe a bit easier now that you have your account back.

Ensure Maximum Protection Once You Get It Back

Once you get your email back, you are going to need to do everything possible to keep it. The culprits might assume that you are an easy target, and they likely have some information that will make it easier to infiltrate you in the future depending on your verification decisions. Take note of the following so you don’t fall into the same trap again:

  • You are going to want to use a Virtual Private Network (VPN) if you ever check your email when you travel or are outside of the workplace (and you do). The main reason behind this is that hackers on public networks can intercept your email login info using a simple setup. Verification measures aren’t as useful, and only the encryption of one of the best VPNs (example in use below) will let you keep all of your accounts safe regardless of your location.


  • You’re probably being beaten over the head by now, but make sure to use every verification measure you can and get alerts (examples for Gmail shown below) whenever someone tries to access your account.


  • You might want to consider using an email encryption program such as Criptext to keep your business emails more confidential and safe as they travel over the internet. Encryption will instill more confidence in your communications with little to no disadvantage.
  • Make sure that you are using proper online security tools to keep your computer clear of malware and other online dangers. Adjust your browsing habits accordingly with any business-related device.
  • Start a schedule of updating all of your programs and systems as soon as possible, as security patches are absolutely vital to the safety of any computer or email account.

Conclusion: It’s a Long Process, but a Necessary One

There is a possibility that getting your email back might take a day of your time. Then you have to consider the additional time spent managing the aftermath and securing all of your accounts so you don’t have to deal with any further difficulties. It can look like a small mountain to climb.

Yet the problems you’ll have to deal with if you don’t react immediately and decisively are so much worse. A hacked business account doesn’t simply go away, and you risk alienating your colleagues and customers through inaction. There is a clear path to freedom, and all you need to do is take the first step.

If you are reading this and don’t have any problems, take this as a warning and take the preventative measures described above. You’ll save yourself a lot of time and even more worry.

Have you ever had to deal with this process (or a variation of it) yourself? Do you think there is anything else people should do to protect themselves before and after an email account gets hacked? Please let us know your thoughts and feelings on this matter in the comments section below. Also, please share this information with your colleagues so that they know what to do should this situation arise.

Cassie is an internet security specialist and blogger for Secure Thoughts, an excellent resource for important internet security information. She is delighted to share these tips with you and hopes that you will seek out more information on the matter. You can follow her on Twitter @securethoughtsc.
