What Steps to Take After a Cyber Incident Occurs

As a business owner, you are likely all too aware of the fact that cyberattacks are an ever-increasing threat for companies of all sizes. While there is often a misconception that only major corporations need to be concerned about cyberattacks, cybercriminals are increasingly targeting small to medium-sized businesses. In fact, it is estimated that one in five small businesses will fall victim to a cyberattack. 

This makes it critical that businesses not only take steps to defend their data from a potential breach but also have a recovery plan in place so that they know what to do should the unthinkable happen. When a data breach occurs, every second matters, and you will need to know what to do so that you can act quickly to contain the breach. Taking the time to prepare now can help to minimize the damage caused by a potential data breach down the road. To help ensure that your company is prepared, keep reading to learn what steps you should take immediately following a cyber incident.

Do Not Panic

The moment you realize that your business has suffered a data breach, your first instinct may be to panic. This is understandable considering the fact that data breaches can lead to millions of dollars in losses. However, while it is easy for a data breach to send you into a panic, it is critical that you take a moment to try to calm down. In order to successfully contain the breach and minimize any damages, you will need to be able to maintain a clear head. Even though you may initially feel overwhelmed and as though there are a million things you need to do to mitigate the damage, it is OK to take a moment to calm down and formulate a plan. This will help to ensure that you and your team are able to respond to the breach in a logical, organized way, rather than running around in a panic trying to put out fires.

Form a Response Team

In order to ensure that you are able to respond to the data breach in an organized manner, you should immediately form a response team tasked with containing the breach and assessing the damage. You will need capable and experienced IT staff by your side who can come up with a plan to resolve the problem at hand. Depending on the size of your company, it may be in your best interest to contract an outside IT company to help you manage the data breach. Many smaller companies do not have enough experienced IT personnel on hand to successfully manage a data breach. Additionally, contracted IT professionals will have experience handling similar data breaches, which can make them invaluable in helping you to efficiently respond to a cyberattack. Depending on the extent of the data breach, your response team may also need to include PR representatives and legal counsel who can help you to manage potential fallout from the attack.

Contain the Breach

Once you have a task force in place to address the breach, your first step should be to isolate and contain the breach, as this can help to minimize the number of affected systems. To do this, your team will first need to determine where the breach occurred. Once they have isolated the location of the breach, your team will be able to begin work on containing the problem and stopping it from infecting other systems. This may involve suspending any parts of your network that are known to have been compromised. 

Once breached portions of your network have been isolated, your team can then begin testing all other portions of your network to make sure that they were not compromised as well. Your team must take every possible precaution to ensure that compromised portions of your network are isolated before they begin investigating the breach in order to prevent the breach from spreading. Make sure that you do not start reloading system data from backups until you are sure that the breach is fully contained, as you do not want your backups becoming infected as well.


Once you have the data breach contained, your next step should be to investigate the breach to determine the extent of the damage. This will help you to figure out how far-reaching the breach was and what you will need to do to recover. Your IT staff should be using this time to investigate the cause of the breach, the wide-ranging effects the breach may have had on your company, and the steps that need to be taken to fix any damage to your IT systems. Your IT staff can then begin formulating a plan to recover from the attack, and they can implement any necessary fixes. It is particularly critical that they come up with a plan to patch any vulnerabilities that may have led to the breach.   

Begin the Notification Process

A critical step your PR and legal teams need to take following a data breach is to reach out to all customers, clients, and business partners that may have been impacted by the data breach as soon as possible. Time is of the essence, as you have a responsibility to ensure that anyone whose information may have been stolen is made aware of the breach, as they may need to change their passwords, PINs, or banking information in order to prevent identity theft. While an organization may be reluctant to share that they have fallen prey to a cyberattack, you could end up with a worse PR situation if customers only learn about the data breach after their information has been compromised. It is better to be forthcoming, as people will respect that you were honest and gave them a chance to protect themselves. Additionally, you may be legally required to alert customers and/or the public to a data breach. It is therefore important that your legal and PR teams work together to determine what needs to be done and how your company should address the data breach moving forward.

Prevent Future Attacks

Once you have recovered from a cyberattack, it is critical that you examine what happened during the breach and that you take steps to prevent a similar attack from occurring in the future. This might include patching vulnerabilities in your servers, training employees on how to avoid phishing scams, or implementing technology that can help you to better monitor threats. Take what you learned during your investigation, and fix security flaws and vulnerabilities that may have led to the cyberattack.  

Of course, you may find it helpful to consult an outside cybersecurity company at this time. Bringing in outside IT professionals will give you access to new insights as well as the latest innovations in cybersecurity, helping to ensure that you are able to properly defend your company against future cyberattacks. 
