How can you tell? Here a few things to watch for:
1. Late-night logins.
2. Increase in spear phishing, from internal or external.
3. Malware frequently picked up on your networks.
4. Data flows to new places.
5. An increase in computer usage.
At some time, someone will get through your layered defenses, so have these three best practices in place:
1. BACK UP your data.
2. Employ image backups.
3. Create local admin accounts to be able to access computer with admin rights.