cyber security

How to Respond to a Cyberattack: 7 Crucial Steps

woman with head in her hands in front of computer

Cybersecurity is obviously a leading concern for companies today. The constant onslaught from online hackers has created a destructive and expensive battleground.

In fact, during just the first half of 2022, 817 data breaches were recorded in the U.S, affecting over 53 million individuals. Every data breach means a customer’s data is compromised. Every breach could mean a customer lost, or a customer that becomes part of a lawsuit. 

Thus, an online world demands a proactive approach to defend against cybersecurity attacks. That said, even the best plans are vulnerable to new and sophisticated attacks. This article will share seven steps a company should take in the event of a cyberattack.

1. Confirm- Engage Your IT and Security Teams if:

  • Common files, applications, or services suddenly cannot be accessed.
  • Files or software have been unexpectedly installed or changed.
  • Files are unexpectedly encrypted or blocked.
  • Pop-ups or unknown programs load when you access the internet.
  • Accounts or passwords are changed without your knowledge.
  • Internet speed lags or computers hang due to a spike in network traffic.
  • Random emails are sent without the user’s knowledge.
  • Programs begin running chaotically or try to reconfigure themselves.

If any of these symptoms appear, contact your IT and Security team to investigate. If this is a data breach, the first course of action should be to mobilize the cybersecurity response team, pinpoint the attack’s source, and take defensive measures.

2. Contain the Breach:

Once you have confirmation that a breach has occurred, your first step is to contain it. This means:

  • Shutting down any unauthorized access points. 
  • Blocking any malicious activity.
  • Disabling the Internet.
  • Disabling Remote Access.
  • Changing Passwords.
  • Checking Firewall settings.
  • Installing pending security patches or updates

3. Communicate with Third Parties.

  If your company relies on third-party suppliers or partners for key data services (such as payment processing), be sure to establish communication lines with them to ensure that any potential breaches are detected and quickly remediated.

4. Assess and Repair the Damage:

Once the breach is contained, the team will have to determine what caused it. Were there any loopholes? Any system vulnerabilities? Any human error (like password sharing with others)?

After determining the cause, the team can not only repair the breach but take measures to stop this type of attack from happening in the future.

5. Alert The Authorities:

Now is the time to report this breach to the local FBI field office or If you’re in the U.K, report it to Action Fraud. 

If any data is breached, and your business is under GDPR, then contact Information Commissioner’s Office as well.

6. Advise Customers:

Once everything is under control, it’s essential to notify customers of the situation so they can take appropriate precautions. 

If you can’t contact them directly, send them an email or text message with instructions on how to protect their data, including password changes, updating antivirus, etc.

7. Update Employees on the Breach and Teach them How to Avoid it in the Future:

It’s important that everyone in the company is educated on cybersecurity.  But this is not limited to a one-time onboarding training session.  Cyberattacks are constantly evolving and changing in methods and complexity.  Employees need to be kept up to date so they know how to spot and stop potential breaches.  This can be done through online or offline training courses.

It’s important to take preplanned steps immediately after a data breach occurs.  Having an active breach protocol can prevent greater damage and protect customer information.

By following these tips, your company can better protect its customers and ensure that any potential breaches are detected.

 If you need help in implementing these types of training and protocol measures, please contact us.