When it comes to cyber crime, such as system hacking and malware infections, it is well known that small businesses suffer disproportionately as compared to their bigger corporate counterparts. According to a recent report by the Ponemon Institute, over 60 percent of small businesses experienced a cyber attack in the past 12 months in 2017. That’s up from 55 percent in 2016. Partly to blame for this trend is the fact that small, resource-strapped businesses tend to have more vulnerabilities and are thus open for attack.

If you own a small business, there are certainly precautions you can make to keep most cyber criminals away. But what should you do if you find out that your business has already suffered a security breach?

When your digital data network has been compromised by hackers or malware, a slow or apathetic response can mean even bigger problems for your business. Below, we’ll look at several actions you need to take as soon as you find out your business has been hacked in order to help manage and contain the situation.

6 Things You Should Do if Your Small Business Has Been Hacked

First, take a deep breath and get some composure.

Depending on the scope and nature of the breach, you may have an urge to start doing something, anything right away. While you do want to get a handle on the situation as soon as possible, making impulsive decisions will usually backfire, causing even more harm in the end. Now is the time to take deliberate, measured steps to contain the data breach and minimize the damage.

One of the most important things to keep in mind is that you want any evidence of the breach to remain intact so it can potentially be traced back to the source of the crime. In particular, that means you shouldn’t erase or alter your system logs in any way until after the situation has been investigated.

Locate and contain the problem.

Now it’s time to contain the threat. Your objective is twofold: 1) to stop any ongoing activity or communication between the impacted devices or areas in your system; and 2) as mentioned above, make sure any traceable evidence is preserved. Where a connected device has been hacked, you should disconnect it from your business’ network, but do not shut it down. With a virtual machine you can take a system snapshot to record the details of the situation while the breach is happening or immediately after. This snapshot can then be analyzed later on.

You should also make sure to change the passwords and/or limit account access on any user accounts, particularly those suspected in the breech.

Investigate the security breach and its impact

Now the real detective work starts. You need to figure out what happened, and that addresses three things:

  1. What information was accessed?
  2. What kind of attack occurred? For example, was it a virus, malware, or an unauthorized remote access?
  3. What weak point(s) the cyber criminals exploit in order to get into your system? Did someone click on a bad link? Did someone plug their own, infected device into the network? Did you neglect to update your security systems?

Figure out what needs to be done

There are two main paths that need to be taken care of. The first is a series of technical steps designed to prevent another attack from the same source. This could include running an anti-virus or malware scan, remotely wiping a stolen mobile device, updating your system with security patches, or changing the network firewall rules.

The second area involves communications- though not yet within the public sphere. You will likely need to communicate the details of the breach to some of your staff so they can help the company through the restoration phase. You may also need to report the incident with law enforcement officials. The FBI currently has an Internet Crime Complaint Center that allows your to report online crimes like malware and ransomware attacks.

Make public announcements and prepare for responses

While it may not be a pleasant thing to do, your company may need to make the breach public- particularly where customer information may have been compromised. There should be a series of public statements and announcements about the situation. These announcements can take several forms, such as a press release, a series of emails, or a message on your website, and they should explain what your company has done thus far to repair the security breach. It should also include any relevant steps customers may need to take to protect their information, such as changing their passwords. You should also provide some way for concerned customers to contact your company and get answers to any questions they may have.

Learn from the experience.

If you don’t want to find yourself in the same situation a few years or even months down the road, then there are several things you should do after the storm has past. The first is recognizing where the weak points are that made your business vulnerable to an attack and then working to strengthen them. This may include security training, monitoring employee activity, and improving or upgrading your network security systems, for example, via encryption or user authentication protocols. Plus, if you don’t have a security incident response plan in place, then now is the time to create one!

Bottom line: when your business is hacked, you can’t afford to be passive or slow to act. Only by proactively dealing with the problem and its cause can you hope to move on swiftly and safely.