Your Guide for Responding to an IT Breach—Response Matters Just as Much as Prevention

October 23rd, 2020


IT security and cybercrime prevention are enormously important for companies and businesses of all sizes. Each year, enormous entities and large enterprises invest hundreds of millions of dollars into this type of security, and yet, each year, reports of breached data continue to pile up.

It’s said that the accelerating frequency and growing costs of security breaches will potentially reach $6 trillion annually by 2021. Some studies show that there’s a hacking attack almost every thirty-nine seconds—and that’s just the current report.

These statistics don’t just apply to large businesses, though—small businesses are often the #1 target for cybercrime.

No matter how sophisticated a cyber defense is, the constantly evolving iterations of cybercrime and cyberattacks can best any plan—that’s why an apt, appropriate, and swift response is a crucial (though rarely talked about) part of any airtight cybersecurity plan.

Knowing what to do and how to respond ASAP in the event of an IT breach can make all the difference in the potency of an attack, the aftermath, and even your reputation as a business.

We’ve identified a few crucial response steps that any fortified cybersecurity plan should build into its procedure, but first, let’s talk about the most important step of all—preparation.

Prepare, Prepare, Prepare

You know the old adage, right? “Failing to plan is planning to fail.” Even if you rolled your eyes reading that sentence, the reality is, it’s true—without a cybersecurity response plan entirely prepared, you’re out of luck when the time comes to react.

So, what’s the point of preparing, exactly? To be ready before an attack happens so that in the event of an attack, you’ll know exactly when to act, how to act, and which crucial steps to take first.

Being ready for a cybersecurity attack can help reduce the risk your business could face, minimize the potential damages that often go hand-in-hand with being a victim of cybercrime, and could even help you manage your reputation in the event things go wrong.

Planning ahead and creating an effective IT breach response plan can also help to reduce your recovery time and ease the anxiety of getting your IT plan back up and running.

Oftentimes, preparation plans include communication strategies, or rather, strict guidelines for who you’ll need to communicate with, what you’ll be communicating, and who in your company is authorized to do that communicating.

It’s also likely that your communication plan will include factors like regularly testing backup systems, training employees on cybercrime awareness, and instituting reliable documentation of the environment.

All in all, having a procedure for best prevention practices is a core component of ensuring your response plan is in good shape should something unfortunate happen.

How to Respond: Your Step-By-Step Guide for Responding to a Cyberattack

Not all cyberattacks will happen by the book, so it’s not entirely possible to lay out an exact step-by-step guide for your precise situation.

That being said, no matter what type of attack you’re dealing with, it’s crucial that you’re able to validate an attack is happening and try to determine the type, too. Validation is important because it helps you keep your dedicated efforts focused on the right issues.

We’ve laid out a few generalized, but effective, steps below to help you begin to develop an effective response plan.

Step 1: Confirm

Once you’ve verified that something is happening, confirm that report with your team and take action ASAP. Call your organization’s insurance company to adhere to any procedural requirements needed to protect forensic data or evidence.

Now’s the perfect time to review your company’s disaster recovery plan to ensure you’re following the procedure by the book.

If you’re a business owner, now is the time to step in and be the leading voice for the situation. Tell your employees what should and shouldn’t be communicated through public channels (the press, clients, social media, etc.). Our advice? Try out a standard recommendation that nothing is permitted to be disclosed until the company releases a formal statement, giving yourself—and the investigative team—time to sort through what happened.

Finally, during this step, back up everything you can. Even the infected computer. This can help you create a recovery path if data is destroyed or decryption fails.

Step 2: Containment

Now, contain the situation. Run a vulnerability scan from the internet against your firewall and look for any peculiarities or weak spots. Then, try denying all international traffic at the firewall, along with inbound Remote Desktop Protocol (RDP) traffic.

Enable VPN access first, then RDP across the VPN-protected connection. Unplug your internet connection at the router and firewall until you’ve regained control of the network. Check your security and system logs for unusual activity.

Do you have a service to search the dark web for stolen credentials? If so, give that a try.

Then, check your local and domain accounts for any changes or new things you didn’t expect to see.
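As an added illustration (not part of the original article, and not any vendor’s tooling), here is one way to run the Step 2 log and account checks over an export of the Windows Security log. The record layout, account names, VPN range 10.8.0.0/24 and thresholds are assumptions, the sample events are constructed, and each src value is assumed to be an IP address.

```python
import ipaddress
from datetime import datetime, timedelta

ACCOUNT_CREATED = 4720                    # a user account was created
GROUP_MEMBER_ADDED = {4728, 4732, 4756}   # member added to a security-enabled group
LOGON_OK, LOGON_FAILED = 4624, 4625       # successful / failed logon
RDP_LOGON_TYPE = 10                       # RemoteInteractive (Remote Desktop)
PRIVILEGED_GROUPS = {"Administrators", "Domain Admins"}

# Constructed sample records (not from a real incident); addresses are documentation ranges.
SAMPLE_EVENTS = [
    {"time": "2020-10-20T02:11:05", "id": 4625, "target": "administrator", "src": "203.0.113.50", "logon_type": 10},
    {"time": "2020-10-20T02:11:40", "id": 4625, "target": "administrator", "src": "203.0.113.50", "logon_type": 10},
    {"time": "2020-10-20T02:12:10", "id": 4625, "target": "administrator", "src": "203.0.113.50", "logon_type": 10},
    {"time": "2020-10-20T02:14:30", "id": 4624, "target": "administrator", "src": "203.0.113.50", "logon_type": 10},
    {"time": "2020-10-20T02:20:00", "id": 4720, "target": "svc_backup2", "actor": "administrator"},
    {"time": "2020-10-20T02:21:15", "id": 4732, "target": "svc_backup2", "actor": "administrator", "group": "Administrators"},
    {"time": "2020-10-20T08:30:00", "id": 4624, "target": "jsmith", "src": "10.8.0.14", "logon_type": 10},
]

def triage(events, known_accounts, vpn_net="10.8.0.0/24", max_failures=3, window=timedelta(minutes=10)):
    """Return (kind, time, detail) findings; known_accounts holds lowercase names you expect to exist."""
    vpn = ipaddress.ip_network(vpn_net)
    failures, reported, findings = {}, set(), []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        eid, target, src = ev["id"], ev.get("target", ""), ev.get("src")
        if eid == ACCOUNT_CREATED and target.lower() not in known_accounts:
            findings.append(("new_account", ev["time"], target))
        elif eid in GROUP_MEMBER_ADDED and ev.get("group") in PRIVILEGED_GROUPS:
            findings.append(("privileged_group_add", ev["time"], f"{target} -> {ev['group']}"))
        elif eid == LOGON_FAILED and src:
            # Keep only failures from this source inside the sliding window, then add this one.
            recent = [t for t in failures.get(src, []) if when - t <= window] + [when]
            failures[src] = recent
            if len(recent) >= max_failures and src not in reported:
                reported.add(src)
                findings.append(("failed_logon_burst", ev["time"], src))
        elif eid == LOGON_OK and ev.get("logon_type") == RDP_LOGON_TYPE and src:
            if ipaddress.ip_address(src) not in vpn:   # RDP that did not arrive over the VPN
                findings.append(("rdp_outside_vpn", ev["time"], f"{target} from {src}"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS, known_accounts={"administrator", "jsmith"}):
        print(*finding, sep="  ")
```

Keep the list of expected accounts as part of the environment documentation from your preparation plan, so the comparison has a trusted baseline.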

Don’t forget to check in with your insurance company, too—you’ll need written authorization from your provider before you move on to the next step.

Step 3: Remediation

First, unplug your Internet connection and disconnect all computers (including servers). Remove the gateway IP address from DNS temporarily. Put the domain controller in safe mode and clean it. Disable autorun on all systems.

Disable Windows Task Scheduler on all systems, too. Reset your passwords to a default password and share that new password verbally around the office so others can reset theirs, too. Absolutely under no circumstances should you email this out. Make sure it’s only through verbal communication.

Step 4: Recovery

Only attempt to restore from a clean backup—if a clean backup doesn’t exist, you’re in a sticky situation.

While we can’t advise that you pay a ransom or not (in a ransomware situation) because we don’t know your unique circumstances, it’s important to understand that this is often a life-or-death decision for

The decision is up to the insurance company or the business owner, though the FBI has issued a statement that recommends victims don’t pay the ransom and instead back up their files.

Step 5: Debrief

Review the entire incident and document it thoroughly. Use this information to create an even more sophisticated prevention plan for this type of attack in the future.

Don’t Forget PR & Media Follow-Up

Remember that communication plan we hinted at earlier? This is where that comes into play.

On top of the stressful, chaotic damage that can ensue as a result of a cyberattack, it’s often the fallout from the press and the media that can dramatically injure a company’s reputation. Bad PR after the fact can result in damage to a brand’s reputation, lower employee morale, and lead to regulatory pressure or litigation, so it’s crucial to handle the situation with the press swiftly and properly.

Decide on a spokesperson from the company who’s fully prepared, understands the angle, and knows how important and impactful an interview with the press can be. Ensure that this spokesperson is briefed on the situation, understands the agenda, and can ensure the company’s position is consistent and solid throughout any interview.

The Final Step for Effective Response—Team Up With the Right Cybersecurity Partner

What are you waiting for? NOW is the time to act and protect your company from the potential of cybercrimes that could damage your reputation, wreak financial havoc, and destroy your business goals with one swift click.

Team up with a qualified partner who can customize a unique cybersecurity plan for you, manage your protection, and even train your employees on how to spot and eliminate the potential for cyberattacks.

Feeling Lucky?

Confidence and ego aside, you run a great business/organization, but you’re a businessperson, not a cybersecurity expert. You don’t run your business with luck, so why risk what you’ve invested (time, money and sleepless nights) by reading this and just letting it go as another LinkedIn article read? TAKE ACTION!

Because we give back to the community, we are giving away 2 businesses/organizations FREE Cybersecurity Assessments each day until we have to pull this offer.

To get your Assessment visit:

Why should you listen to me?

I’m a 2-Time Best-Selling Author on the topic of Technology. My company (Your Business Solutions) is celebrating our 16th year in business this year. We’ve been recognized by the INC 5000 list and The Houston Business Journal in their Fast 100 list, just to name a few things.
