What to do After Your Business' Cyber Security is Breached

Businesses large and small are susceptible to cyber security breaches. But what happens after a business suffers from an attack? Below are a few helpful tips on how to recover after a security breach.


As soon as you are aware of a breach, you must act quickly to assess the extent and severity of the breach, determine the cause of the breach, identify what was lost and contain the problem.
  • When did the breach happened and how
  • Disconnect compromised devices
  • Identify affected assets
  • Identify the least sensitive/more sensitive data stolen
During this time, your IT and forensic team should jump into action to avoid further damage by:
  • Resetting all passwords
  • Removing any files installed during the attack
  • Separating sensitive data
  • Disconnecting affected hosts
Implementing these tactics as early as possible can help stop the damage from spreading.


Communication between IT, Legal, and PR/marketing departments is critical during this time. Legal and PR/marketing teams must be fully informed of the extent of the breach and relay information to employees. The PR/marketing team should focus on informing clients and vendors and managing potential reputation damage in a timely manner. The legal team should prepare itself in case of possible class-action lawsuits. It is essential to communicate what happened, what you are doing about the breach, and what you are doing for those impacted by the breach.

Prevent future breaches

Once your business recovers from the attack, your next step is to prevent another breach. You will need professionals to help guide you through the process of stabilizing and protecting your business’ assets. Read more about safeguarding your business against a cyber security attack and contact us at twraftery@falconconsultinggroup.com or (800) 636-4870 for assistance!