  • Adam

What should you do if your business is hacked?

In today's digital age, no business—big or small—is immune to cyber threats. The ever-present risk of cyberattacks makes it essential for every company to be prepared and vigilant. A recent statistic revealed that 61% of all data breaches in 2017 occurred in businesses with fewer than 1,000 employees, emphasizing that cybercrime is a growing concern, particularly for small and medium enterprises (SMEs).

Recognizing the Threat

It is a common misconception that only large corporations are at risk of hacking. In reality, SMEs are increasingly targeted by cybercriminals due to often less stringent security measures. The attacks are not only frequent but can also be highly sophisticated, making them difficult to detect. Cybersecurity should be a top priority for every business, as no security system is entirely foolproof.

Step 1: Recognize and Respond

If you suspect your business has been compromised, the first step is to acknowledge the problem, keep calm, and take decisive action. A quick response is crucial: the longer a breach goes unaddressed, the more damage it can cause. Notify your IT team or service provider immediately and start documenting the breach details for a thorough investigation.

Step 2: Investigate and Contain

An IT professional can help determine the extent of the breach. This might involve a temporary lockdown of your systems to prevent further damage. Regular scans by cybersecurity experts can also pinpoint vulnerabilities in your network, potentially preventing future breaches. Cybersecurity isn’t just about reacting; it’s about proactive management.

Step 3: Data Breach Notification

Under the General Data Protection Regulation (GDPR), it is mandatory for businesses to report certain types of data breaches to the appropriate supervisory authority within 72 hours. This requirement emphasizes the urgency of responding to and resolving cybersecurity issues promptly to mitigate potential damage to individuals’ rights and freedoms.

Step 4: Remediate and Recover

After a breach is contained, the focus should shift to recovery and remediation. This could involve decrypting and restoring data held for ransom by cybercriminals. While paying the ransom can sometimes seem like the quickest solution, it does not guarantee full data recovery and could encourage further criminal activity. Instead, restoring data from backups can be a safer and more reliable method, albeit dependent on the robustness of your backup systems.

Step 5: Strengthen Cyber Defences

Post-incident, it’s vital to enhance your cybersecurity measures. This might include updating and strengthening passwords, enhancing network security, and conducting regular training sessions for all employees. Awareness and education are critical in combating phishing and other types of cyber scams.

Next Steps

Remember, the likelihood of a cyberattack is a question of "when" rather than "if." Being prepared can significantly lessen the impact on your business. Establish a solid incident response plan, maintain regular backups, and keep abreast of the latest cybersecurity trends and solutions.

For ongoing support and resources on managing cyber risks, businesses are encouraged to consult with information security experts and leverage tools available from local and national cyber security centers.


As cyber risks evolve, so should your approach to information security. Whether you are a small business or a large business, understanding the risks and knowing how to respond swiftly and effectively can make a significant difference in minimizing damage and maintaining your business’s integrity and trust.
