What to do after a Cyber Attack

Do you know the chances of your business being the target of a cyber attack? The likelihood has only increased with cyber crimes seeing a drastic increase of 600% since the start of the pandemic in 2020 and the popularization of work-from-home dynamics. Do you or your employees know what to do after a cyber attack?

With one small gap in your cybersecurity or one wrong click from an employee, your business can be exposed to the risks of a cyber attack and data breaches.

What is a Data Breach?

A data breach happens after a successful cyber attack on your business. This can result in the deletion of important information and/or theft of sensitive data.

Some cyber attacks can immediately cripple your networks, whereas others take weeks, even months, to discover. But one thing that all cyber attacks have in common is that they can all potentially cause damage to your business from which you may not be able to recover financially and reputationally.

Planning for a cybersecurity incident and designing and revising both incident response and recovery scenarios for different types of attacks can actually be a lifesaver for your company.

The Risks of Not Having a Disaster Recovery Plan

Imagine a situation where you have just discovered that your business was hacked. You have no idea about the source of the attack, the extent of damage, or how much it’s going to cost to recover from it. On top of that, you don’t have a cyber incident response plan or disaster recovery plan for your company in place either.

A disaster recovery plan is so crucial to have because it enables you and your team to carry out a swift and organized plan for solving the crisis. Any kind of successful cyber attack can cause chaos in your network and among your staff, and that can lead to a slower response time.

To understand why having a disaster recovery plan is so important, let’s take a look at some of the possible consequences of not having one.

Data Loss

When a company suffers a cyber attack, a business’s sensitive data can be compromised. In such a situation, it is crucial to act quickly and isolate the source of the attack and all affected systems.

Companies that don’t have a recovery plan will take more time to react to a data breach than ones that do. The longer it takes to identify and isolate an attack, the harder it will be to protect your data, meaning that sensitive customer and partner information may have already fallen into the wrong hands. And if you aren’t even backing up your data securely both offline and online, the damage of a data breach can be irreparable.

Business Interruption

A serious cyber incident would inevitably bring a stop to your operations if your business doesn’t have a plan for dealing with it. Having a recovery plan in place helps you resume operations much faster. A disorganized and chaotic reaction to the incident could make the situation even worse and significantly increase the amount of time and effort needed for recovery.

Any downtime would result in your company losing money both in terms of revenue and employee productivity. Smaller companies especially cannot afford to be non-operational for an extended period of time.

Expensive Recovery

The more time it takes to recover from a cyber attack, the more money a company loses. Business owners sometimes don’t realize how much it costs to recover or recreate the lost data in a data breach.

That doesn’t even include the costs associated with loss of profit, potential losses stemming from expensive lawsuits, and the cost of potential system overhauls that require all new hardware and infrastructure to be purchased and installed. The fact that many businesses, regardless of size, might never be able to financially recover from a cyber attack if they are caught completely unprepared can’t be stressed enough.

How Do You Respond to a Data Breach?

If you have cyber insurance, your provider may offer in-house expertise and services specifically tailored to enhance the cyber response and defenses. When a cyber event happens, your insurance company may have experts who walk you through the proper response steps. If your business is the victim of a data breach and you’re wondering how to respond, consider the following steps to help minimize the damage:

  1. Contain the Cybersecurity Breach

While you may be tempted to delete everything after a data breach occurs, preserving evidence is critical to assessing how the breach happened and who was responsible. The first step you should take after a data breach is to determine which servers have been compromised and contain them as quickly as possible to ensure that other servers or devices won’t also be infected.

Here are a few immediate things you can do to attempt to contain a data breach.

  • Disconnect your internet
  • Disable remote access
  • Maintain your firewall settings
  • Install any pending security updates or patches
  • Change passwords

You should change all affected or vulnerable passwords immediately. Create new, strong passwords for each account, and refrain from reusing the same passwords on multiple accounts. That way, if a data breach happens again in the future, the damage may be limited.

  2. Assess the Security Breach

If you are one victim of a broader attack that’s affected multiple businesses, follow updates from trusted sources charged with monitoring the situation to make sure you know what to do next. Whether you’re part of a broader attack or the sole victim, you’ll also need to determine the cause of the breach within your specific facility so you can work to help prevent the same kind of attack from happening again. Ask yourself:

  • Who has access to the servers that were infected?
  • Which network connections were active when the breach occurred?
  • How was the attack initiated?

You may be able to pinpoint how the breach was initiated by checking your security data logs through your firewall or email providers, your antivirus program, or your Intrusion Detection System. If you have difficulty determining the source and scope of the breach, consider hiring a qualified cyber investigator – it may be worth the investment to help protect yourself moving forward.

Identify those affected by the breach

You’ll also need to find out who may have been affected by the breach, including employees, customers, data and third-party vendors. Assess how severe the data breach was by determining what information was accessed or targeted, such as birthdays, mailing addresses, email accounts and credit card numbers. Any affected or lost data can quickly be regained with your Back Up service provider. Learn more about Back Up services by contacting NTi today.

Educate your staff about data breach protocols

Your employees should be aware of your business’s policies regarding data breaches. After discovering the cause of the breach, adjust and communicate your security protocols to help ensure the same type of incident doesn’t occur again. Consider restricting your employees’ access to data based on their job roles. You should also regularly train your employees about how to prepare for a data breach or avoid a data breach in the first place.

  3. Create a Data Breach Notification Response Plan

Notify managers and employees of the breach

Communicate with your staff to let them know what happened. Define clear authorizations for team members to communicate on the issue both internally and externally. Remaining on the same page with your team is crucial while your business is recovering from a data breach. You may need to consult with legal counsel to figure out the best way to let your customers know about the breach.

If you have cyber insurance, notify your carrier

Cyber insurance is designed to help you recover from a data breach or cyber security attack. Contact your carrier as soon as possible to see how they can assist you with what to do after a cyber attack.

How to Help Prevent a Cybersecurity Breach

The FBI has provided the following additional tips that can help protect individuals and businesses from being victimized by cyber fraudsters:

  • Do not open attachments or click links within emails received from senders you do not recognize – if you do, report it to your IT department immediately so they can make sure malware has not been activated and released.
  • Do not provide usernames, passwords, birth dates, social security numbers, financial data or other personal information in response to an email or phone call.
  • Avoid using the same password for multiple accounts.

Ensure your business takes time to review and update information security policies, business continuity plans, and data breach response plans and regularly communicates with employees about them.

If you discover you are the victim of a fraudulent incident:

  • Contact your IT/security department, if you have one
  • Immediately contact your financial institution to request a recall of funds
  • Contact your employer to report irregularities with payroll deposits
  • Report the attack to the Internet Crime Complaint Center (IC3). They’ll forward it to federal, state, local, or international law enforcement. Also, contact your credit card company. Tell them if you’re disputing unauthorized charges made by scammers on your card or if you suspect your card number was compromised.
  • If you or your organization is the victim of a network intrusion, data breach, or ransomware attack, contact your nearest FBI field office or report it at tips.fbi.gov.
  • You could also become a victim of identity (ID) theft. Visit IdentityTheft.gov to learn how to minimize your risk.


There are no guarantees or fool-proof plans for protecting your business from the many types of cybercrime that exist. The best you can do is establish robust security protocols and educate your employees in order to minimize your risks.