Your Business Has Been Hacked—Now What?
So, your business has been hacked. What should you do next?
First, pause and assess. Before taking any action, take a deep breath. Rushing to “fix” things immediately might seem natural, but it can actually cause more harm than good. Why? Because once you’re hacked, your IT systems effectively become a crime scene. To prevent further damage, disconnect impacted devices from the network to isolate them and stop the spread, if possible.
Next, check for a cyber incident response plan. If your organization has a cyber incident response plan, follow it carefully. This plan is designed to guide you through specific steps to handle the breach without causing further damage or data loss.
If you don’t have a response plan, don’t worry. Instead, consider contacting your cyber insurance provider (if you have one). Most cyber insurance providers have protocols and partnerships with cybersecurity experts who can help with damage control and ensure you’re compliant with any insurance requirements. If you don’t have cyber insurance, your next step should be to reach out to your internal IT team or your external MSP. They can provide guidance and help coordinate a response.
But if you don’t have a response plan, cyber insurance or an IT team to rely on—don’t worry. You can still take action:
Start by documenting everything: Write down everything you know about the breach—when it started, what systems were affected, any strange activity you observed, etc. This documentation will be essential for any IT or cybersecurity experts you bring in later.
Consider freelance or contract cybersecurity experts. Even if you don’t have an internal IT team or cyber insurance, there are many cybersecurity experts and firms that offer emergency incident response services. Look for reputable providers with experience in data breach response to help guide you through containment, investigation, and recovery.
Report the incident to local authorities. If you suspect a criminal act, consider reporting it to local law enforcement or even the FBI’s Cyber Division, especially if sensitive information or financial data was compromised. They may be able to provide resources or guidance.
Consult industry-specific resources. Some industries, like finance and healthcare, have dedicated cybersecurity resources or industry groups that can offer assistance or advice in the event of a data breach.
When faced with a data breach, you might feel the urge to start restoring data, reformatting computers, or even wiping systems clean. Don’t do any of that just yet, because you could cause more problems, such as:
Destroying Evidence: Restoring data or wiping systems can destroy digital footprints left by attackers. These traces are critical for investigators to understand how the attack happened, identify the vulnerability, and assess the full scope of the damage.
Insurance Risks: Many cyber insurance policies require specific protocols to be followed after a breach. If you unintentionally erase evidence, you might jeopardize your coverage.
Hidden Threats: Hackers often embed malware deep within networks. Without a thorough examination, restoring from backups could reintroduce that malware, allowing attackers to regain access even after you've “fixed” the issue.
Once the immediate threat is contained, review your response and learn from the incident. Consider implementing a formalized cyber response plan if you don’t already have one, and invest in tools or services that monitor for future threats.
Data breaches are complex events that require a methodical, informed response. Having a clear, professional plan in place is the best way to respond effectively without creating additional risk or damage.