You’ve Been Hacked – Now What? – 5 Cybersecurity Action Steps to Take

The number of organizations that face cybersecurity hacks is growing every single day.  In fact, according to ID Agent, 36% of organizations surveyed suffered a serious data security incident such as a cloud data breach in the past 12 months. The method that cybercriminals use to hack is becoming more and more sophisticated. Let’s say you’ve been hacked – now what? Here are 5 cybersecurity action steps that your business must take right away. 

  1. Keep Calm & Respond Quickly

Do you remember that old saying, “keep calm and carry on”? Well, in the case of a cyberattack, it’s a little different. Yes, you must keep calm, but instead of carrying on, you have to act fast. As a business leader, it is important to keep your team calm and help them walk through the necessary steps to address the attack. 

The sooner you respond to the attack, the better. And you’re most likely to save more money in the end. Our team recommends verifying the following immediately once you’ve realized you’ve been attacked: 

  • What type of attack is taking place? There are lots of different kinds of cyberattacks – phishing, ransomware, malware, etc. First, identify what is happening. 
  • Which systems have been compromised? 
  • What IP addresses were used during the attack?

2. Isolate Compromised Technology 

Once you have identified what systems have been compromised, you must contain them as fast as possible and take them off of your network, so other servers or technology devices won’t get infected. 

It is also important to have your IT management team or incident response team perform a deep dive to ensure that hackers didn’t set up a way for them to gain future access to your systems.

3. Plan for Recovery Time

Just like after any stressful event, you will need to carve time out for restoring data and getting things back in order after the attack. This step all depends on how intense the data breach was. One of the reasons our team stresses backup and recovery so much is so that this part of the post-attack isn’t painful. During the recovery time, you’ll want to backup for all affected systems and change passwords across all devices company-wide. 

4. Notify People About the Attack 

After the attack, it is critical to notify the necessary people, such as law enforcement and your IT management team. Depending on the severity of the breach, you may even have to go public with the information. This can be a daunting process and one that we recommend businesses receive professional expertise on. 

5. Plan for a Future Potential Attack 

If this cyberattack taught you anything, it’s probably that you need a strong incident response plan if this were to happen again. Team up with your IT team to understand how this attack took place, where your company has left vulnerable gaps and how your company can improve moving forward.

It is also important to educate your executive team as well as your employees. A few initial things to make sure you educate your team on are – how to keep passwords secure, what to look out for when it comes to a phishing attack and ensuring that they’re always updating antivirus and malware software. 

With the holidays right around the corner, hackers are on the hunt for vulnerable systems. Make sure you aren’t one of them. If you need help proactively protecting your business or responding to an attack, don’t stress, call MIS – 770.796.4091. 

Schedule a free 15-minute discovery call
We’ll discuss your IT requirements and assess whether we’re the right fit for you.


Liked the articles?

Well, there’s plenty more where that came from! Our incredible team is constantly on the lookout for the latest and greatest IT content to keep you informed about what’s cooking in the world of technology. Make sure you don’t miss out on our amazing content by subscribing to receive blog updates.

  • Remark: We will collect your information for marketing purposes. However, we respect your privacy rights. If you wish to access or amend any Personal Data we hold about you, or request that we delete any information about you that we have collected, please send us an email:
  • This field is for validation purposes and should be left unchanged.