Wifi Hacked? Suggestions sought

I'm part of a small business partnership, and our internet usage is pretty minimal. Each month we use way less than 50% of our download quota. We are about half way through this month, and this morning we got a warning from our ISP that we were over 70% of our quota. This afternoon we got another warning saying that we were now over 90% of our quota. We contacted the ISP and they said that we had downloaded around 36GB today. They said that it didn't look like virus activity, because it was almost all downloads, and virus activity apparently usually shows significant uploading.

We will certainly investigate the possibility that it is some rogue employee, but we are a small, very closely knit business and it seems highly unlikely. It seems more likely that our WiFi has been hacked, and given that we are located right next door to an adult secondary college that teaches IT to overseas students, some possible culprits come immediately to mind.

No-one in our business is particularly technically sophisticated, and our external IT support is very limited. The WiFi network is definitely secured, but I don't know the details of what kind of security setup has been used.

I wonder if anyone here can make an suggestions of the most likely scenarios that we should investigate in order to track down what has happened and to prevent it happening again?

Also, if it is an external hack, how difficult (and expensive) would it be to get someone to identify for us who has been doing it?

At the moment we have turned off the router until we work out what to do.

 

Ensure your WIFI is encrypted with WPA2 and protected by a password of at least 20 random alphanumeric characters. Disable WPS functionality of your WIFI router as well as UPnP. Update router firmware to latest version (check router manufacturer web site). Change the default password of the router with a strong alphanumeric password. Disable (if enabled) the remote administration of the router.

Please note that regardless of the above some routers are subject to the WPS vulnerability (even if this feature has been turned OFF). Many linksys and netgear routers and many other brands. If your router is aged the best is to replace with a new model (after you have ensured that the model has been issued recently) or use alternative firmware (www.dd-wrt.com/).

If you do all the above you can exclude external hacking as an issue.

Also from the logs of the router you should be able to list the attached device and MAC addresses. Do an inventory of attached legitimate devices and you will spot the intruder (if any).

 

Thanks - that is very helpful.

 

fax's advice is excellent. The only thing I can add is that for someone who professes to not be technically sophisticated, you did exactly the right thing by shutting down the WiFi until you get some answers. Too bad more don't react in a similar fashion!

 

I suspect that instances of "unexplained activity" are common enough to be irritating to ISPs and to make them want to not spend much/more time on such situations. I also think a customer's first step would be to carefully review (and/or have a professional review) their own systems and talk to those who use them. Double checking and securing systems as you go. Having said that, if I ran into that situation and was unable to account for the activity and put my mind at ease, I would ask my ISP about the records they keep and work to get more detailed information about the activity. Which might shed some light on exactly what happened and/or who was responsible.