How to Manage a Cybersecurity Incident

Cybersecurity sounds like a problem for bigger fish, but small businesses are often the primary targets for digital criminals. Why? Because they’re easy pickings: they’re usually very busy and have no IT department.

You’re a small business owner. If you discovered a breach today, would you know what to do? Most owners don’t, and the resulting panic often leads to expensive mistakes.

Managing an incident isn’t just for technical engineers. Here is a non-technical guide to help you navigate a security crisis without losing your cool.

1. Don’t Panic—Communicate Privately

When you suspect something is wrong — perhaps a suspicious wire transfer or a locked computer — the first step is to gather your key players. Avoid discussing the details on your main company email or Slack; if your system is compromised, the hackers might be "listening" to your plans. Keep your conversations private and offline until you’re in the clear.

2. "Stop the Bleeding"

Your instinct might be to start investigating "how" this happened. Ignore that for now. Your priority is to stop the damage.

  • Isolate: If one computer is behaving strangely, disconnect it from the Wi-Fi or, even better, shut it down.

  • Consult Experts: Talk to your IT provider before deleting information. Blindly cleaning up after a cybersecurity incident can sometimes delete the very evidence needed to recover your data or cause a permanent system crash.

3. Verify the Impact

Ask your team: “What is the worst-case scenario right now?” Is it customer credit card data? Your payroll system? Knowing exactly what is at risk helps you decide if you need to call your lawyer or insurance provider immediately.

4. Fix, Then Clean

Once the immediate threat is neutralized, implement a fix.

Important Note: It’s best to never just "clean" a hacked computer. It’s safer to wipe it entirely and restore from a known clean backup. This ensures no "backdoors" are left behind for the hacker to return.

5. Loop in the Professionals

If you suspect customer data was stolen, you likely have legal obligations.

  • Legal & PR: Digital privacy laws vary by state. Consult your legal counsel before sending a mass email to customers. The wording matters for your liability.

  • IT: Contact your IT provider for advice and best practices.

  • Insurance: Contact your cyber-insurance carrier early; they often provide forensic experts to help you recover.

6. The "After-Action" Review

Once the dust settles, hold a postmortem. Sit down with your team and ask: How did they get in? How can we stop it from happening again? Use this moment to turn a crisis into a stronger, more resilient business strategy.

Need help building your defense?

We help small businesses turn IT from a source of stress into a managed asset. Please reach out to us to help secure your operations today.

Russell Mickler

Russell Mickler is a computer consultant in Vancouver, WA, who helps small businesses use technology better.

https://www.micklerandassociates.com/about