How to Handle the Aftermath of a Cyber Attack


Cyber-attacks are becoming increasingly common, and businesses in the UK are affected by them every day. According to official Government statistics, around 39% of businesses have suffered a cyber-attack in the last 12 months. Furthermore, over a quarter of these businesses (39%) said they had faced them at least once a week.

Therefore, we want to educate you on the best way to deal with them through 5 steps.


1. Alert your IT team

The first thing you should do if you believe there is a cyber-attack is alert your IT team as soon as possible. This can help to prevent malware from spreading across your entire organisation, or limit an attacker’s movement within the network, because containment measures can be put in place earlier.

Cyber-attacks can have severe impacts on your reputation, productivity, and data, so the quicker they are identified, the less impact they can have. Notifying the IT team as soon as possible means the threat can be identified early and the Cyber Security Incident Response Team (CSIRT) can begin cyber-attack response procedures: identifying the issue, quarantining any infected machines or network segments to contain the threat, and collecting volatile data and logs from the infected machine for forensic analysis before they are overwritten. The earlier the team knows about the issue, the quicker these initial response steps can be taken, and the greater the chance that important volatile data on the devices can be captured, which helps with the analysis needed to prevent it from happening again.

If you notice any Indicators of Compromise or strange behaviour on your computer, or have any suspicions of a potential breach, always alert the IT team. Even if it turns out to be harmless, it is better to be safe than sorry.


2. Assess and Document

Next, the IT team should learn all the details of the incident so that they can establish the facts and begin to understand the type of cyberattack it is and the scope of the infection. Key details they should gain a good understanding of include:

  • How staff noticed there was an attack
  • Where the suspicious behaviour was first noticed
  • The actions of the staff with infected machines prior to the attack
  • What systems may be affected and what behaviour they have exhibited since

Understanding these key components will help the IT team to understand more about the origin of the attack, what it is trying to do and how far the infection has spread. The more information, the better.

Every stage of the investigation should be noted down by the team so they can provide evidence of how they dealt with the attack throughout the incident response process. This record will be reviewed later to help prevent the attack from happening again and to identify anything that could have been done better. It will also aid the Chain of Custody documentation in case of potential proceedings against the malicious party. The investigation should be conducted as set out in your workplace’s cyber security plan and needs to be compliant with company policies. The investigation must remain confidential to the IT team to an extent, because the attack could be due to a malicious insider wanting to harm the business.
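One way to keep such a record so that later edits are detectable is a hash-chained log, shown here as an added example that is not part of the original article. The function names, analyst IDs, host name and evidence bytes are all constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # previous-hash value used by the first entry

def _digest(entry: dict) -> str:
    """SHA-256 over the canonical JSON form of an entry, excluding its own hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def record(log: list, analyst: str, action: str, evidence: bytes = None,
           when: str = None) -> dict:
    """Append one investigation step; each entry commits to the one before it."""
    entry = {
        "seq": len(log) + 1,
        "time_utc": when or datetime.now(timezone.utc).isoformat(),
        "analyst": analyst,
        "action": action,
        # Hash of the collected artefact, so a later copy can be matched to it.
        "evidence_sha256": hashlib.sha256(evidence).hexdigest() if evidence is not None else None,
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = _digest(entry)
    log.append(entry)
    return entry

def verify(log: list) -> int:
    """Return 0 if the chain is intact, else the position of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(log, start=1):
        if entry["seq"] != i or entry["prev_hash"] != prev or entry["entry_hash"] != _digest(entry):
            return i
        prev = entry["entry_hash"]
    return 0

def demo() -> list:
    # Constructed sample incident, not real data.
    log = []
    record(log, "analyst-a", "User reported suspicious pop-up on WS-014; host isolated")
    record(log, "analyst-a", "Captured memory image from WS-014", evidence=b"constructed memory image bytes")
    record(log, "analyst-b", "Exported firewall logs for 24h window", evidence=b"constructed log export")
    return log

if __name__ == "__main__":
    print("first bad entry:", verify(demo()))
```

Changing, removing or reordering any entry after the fact makes `verify` report the position where the chain first breaks. Storing the latest `entry_hash` somewhere outside the IT team's control lets a reviewer confirm the whole log later.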


3. Report Incident to Authorities

Your business may want to get in touch with local authorities to alert them about the cyber-attack; then the authorities will put you in touch with multiple agencies who will want to monitor and assist with handling the attack. This can be helpful because they will create an official record of the cyber-attack which you can use to prove the business has taken adequate steps to handle the problem. Furthermore, the agencies can support your IT team with carrying out the investigation as well as reducing the impact of the attack. Examples of agencies you can contact regarding an attack include Action Fraud and the National Cyber Security Centre.


4. Notify the Public

Once you have started to deal with the attack and your IT team knows the full extent of the damage, depending on the scope of the data breach and the affected data, you may need to notify the public that your business has suffered an attack and what this means for your business as well as the stakeholders. This is because customers have the right to know if any of their details have been jeopardised and how this affects them. However, if the breach didn’t affect any consumers, then you may not have to notify the public of what has happened.

Next, if the damage affects customers or stakeholders, the media must be notified. However, careful planning and preparation need to go into this; you want to be able to control the narrative and show how you are capable of handling the attack. Your business should hold a meeting with the relevant people (e.g. managers, HR, and the incident response team) to plan the angle they would like to take regarding the attack. It would also be recommended to get professional advice from a PR expert who can show you the best way to portray what happened to the media.


5. Prepare for Legal Concerns

Once the cyber-attack has been dealt with, you then should prepare for the legal outcomes of this as there are various charges and fines that can be given as a result of the cyber-attack depending on how the attack occurred and if the company took adequate measures before and after the incident.

One charge you should be aware of is a government/legal charge for not taking the proper precautions to defend against and deal with a cyber-attack. Relating back to what we said previously, this is why you must note down every step you take to deal with the attack, because this will be evidence of how seriously you have taken it. Similarly, if the government/authorities decide your business didn’t have adequate protection in the first place, you can be fined for a lack of security in place.

Another charge your business could potentially face is legal fees from customers who have had their data, money or credentials stolen because of the attack. Customers could want compensation for the impact the cyber-attack has had on them and depending on how many customers were affected, you could face losing a substantial amount of money if their data was improperly handled.


Now that you understand the process of dealing with a cyber-attack, we hope you realise how important it is to invest in a strong and secure security plan. Luckily, we can help you with securing all your IT to prevent attacks like this from happening to your business. If you would like to learn more, contact us today.
