The First Critical Steps After a Cyber Attack


As they say, prevention is better than cure. But what if prevention just wasn’t good enough? Here are the first critical steps to take after a cyber attack.

This is almost four times the cost of breaches in 2015. While large retailers, banks, and federal headlines draw massive attention when hacked, businesses of all sizes are at risk.

When it comes to cybersecurity, prevention is always better than a cure. But it’s crucial that you and your team know exactly what to do immediately following a cyber attack.

Ready? Let’s get started.

Don’t Panic After Enduring A Cyber Attack

While it may be easier said than done, it’s important that you stay as calm as possible in the event of an attack.

A cyber attack can definitely be classified as a disaster scenario. But if you avoid panicking, you’ll be able to take the most proactive steps and respond in a logical and organized way.

Don’t Pay a Ransom

Some cyber attacks will involve a ransom, and it can be tempting to just pay the ransom to regain control over your servers.

Often, ransom demands will be low, making it more likely that businesses will choose to pay them instead of paying for outside IT security consultants to investigate and fix the problem.

But these types of attacks are often used to advertise the hacker’s abilities so they will be hired for more damaging attacks later on. Hackers also often communicate, sharing vulnerabilities as they discover them. If you pay a ransom, you may be leaving your business open for future attacks.

Form a Response Team

Before you can address the damage from the cyber attack, you need to form a capable, experienced response team. This team will need to include IT staff members (contracted or in-house) who can investigate the attack and work to resolve it.

You may also need to include HR professionals on this team if your employees are impacted by the attack. PR representatives are also helpful as they can determine the best way to explain the attack to your customers. Finally, you may need to include legal counsel since these attacks have a number of legal implications.

Use Your Backup Servers

If you’ve got backup servers already available, switch to them immediately following the attack. If they haven’t been damaged by the cyber attack, your business can keep its network up and running even while your team is working to fix the issue.

If you don’t have these servers, avoid the temptation to switch off your main servers. While this may be your first instinct, turning your servers off won’t help fix the damage. If you leave them on, your team can analyze any evidence from the attack and use it to find a solution.

Isolate the Breach

Your technical team should aim to find out where the breach happened, so they can contain it quickly. The goal is to ensure that as few systems as possible are impacted.

Unfortunately, this will often mean that you need to suspend the part of your network that was compromised. This can be extremely disruptive and costly to your business. You may even find that you have to temporarily suspend your whole network.

No business owner wants to do this. But in the event of a cyber attack, isolating and containing the breach is crucial for minimizing the damage done to the network.

Once this has been completed, your technical team will test other parts of your network to make sure the breach hasn’t spread. Once they’re certain that it’s contained, they can work to remove it.


The next step is to conduct an investigation. You’ll need to explore all facts about the attack, including the effects, the source, and any actions that still need to be taken to fix the damage from the attack.

This will usually involve people outside of your IT team. HR staff will need to be involved if your employees were impacted by the attack. PR staff will need to make a plan if the public or customers were impacted. And your lawyers will need to begin exploring the legal courses of action and consequences arising from the attack.

Basically, at this point, everyone should be moving quickly to manage the fallout from the cyber attack. Your job is to make sure they have all necessary resources to carry out those tasks and give them clear leadership.


As your teams work to combat the attack, ensure they’re documenting everything they find and do. This evidence may end up being incredibly valuable. You’ll be able to find out how the attack happened and make sure that part of your business is not vulnerable in the future.

Along with providing data that your team can use to strengthen your cybersecurity, this documentation will usually be useful when addressing regulatory and legal requirements and managing public relations later on.

Contact Clients

This step is all about being proactive. Your team needs to reach out to all impacted clients and let them know. You may need to ensure they change any passwords or PINs if their private information was compromised.

This is likely to be the most difficult step. But a reactive approach, where your business confirms the cyber attack only after customers realize their information has been compromised, can massively damage your reputation.

Prevent Future Attacks

When it comes to cybersecurity, top-notch security may seem expensive at first glance. But you’ll quickly realize that it’s not even close to what you’d spend when dealing with a cyber attack.

Luckily, you have plenty of options to make your business less of a target for cybercriminals. From security assessments to state-of-the-art antivirus software, there is more affordable and effective technology being released every day.

Preparing for a Cyber Attack

These days, the average business is becoming increasingly likely to be targeted for a cyber attack. Whether you’ve recently been attacked or you simply want to make sure you’re not attacked in the future, we can help.