You’ve Been Hacked – NOW WHAT?


Hopefully, you’re reading this because you’re planning ahead. If it’s too late for that, you can skip to the NOW WHAT? section here. No judgements.

For everyone else, let’s review the basics – data security fundamentals for 2021. If you come up short here, don’t beat yourself up. Many companies, especially younger ones, still struggle with security basics. Unfortunately, hackers know that – so let’s do something about it!

Risk Management Profile – Much like investing, or the daily calibrations we each make with respect to Covid-19, your risk management profile involves a thorough, brutally honest assessment of what you can and cannot tolerate in terms of risk to your business. For example, do you keep a list of data security requirements for vendors and third-party suppliers? Would you drop one for failure to comply? What about their requirements for protecting their own data? And how do they protect yours?

The answers to a lot of these questions could be I’m not sure, which is why it’s helpful to enlist a partner like mac-tech, who can think through these questions with you, and help you make decisions that improve your data security, streamline processes, and increase productivity.

Action Plan – Once you’ve established your risk management profile, you will clearly see which security policies and procedures you need to articulate and document. You won’t need everything, but every business needs an Action Plan. Essentially, this is a written document that outlines who does what in the event of a security breach. Make sure that all staff understand what is expected of them and why. Make it very clear, in advance, who is responsible for decisions like informing law enforcement or taking your systems offline. It may sound trite but keeping your business secure is a team effort in the truest sense of the phrase. In fact, we devoted a whole article to the intersection of cybersecurity and company culture. Check it out here.

Data Backups – We can’t emphasize this enough. Write it on your forehead. Tattoo it on your chest. Whatever works. Establish frequent, routine, wholesale data backups to a separate network. As you probably know, ransomware is the flavor du jour of your friendly neighborhood hacker. If they can’t hijack your data, they have no real leverage, because here’s the thing: You are not paying that ransom. Ever. Why? Because they still have a copy of your data and if they even return it to you, which isn’t likely, you have no control over what they did with it in the meantime. The best you can do is proceed with your Action Plan and, because you backed up your data, keep your business running.

Multi-Factor Authentication – Businesses sometimes avoid this, worrying that it detracts from user experience and gets unwieldy. Neither of these things need be the case and the upshot – your flourishing business – is hard to put a price on. Don’t believe us? Ask!

Strong Passwords – Right, right, right, you’ve got this one. It’s so obvious, it’s embarrassing. You’re absolutely right. The folks at Solar Winds, in particular the bloke who actually used “SolarWinds123” as a password – which was instrumental in their security breach – are probably embarrassed too. Any questions?

WFH Adaptation – As we discussed here, remote work is here to stay for a while. This is another area where a culture of mutual trust and responsibility is crucial. With your employees dispersed across multiple locations, hackers have a big, multifaceted target. Put the policies in place that will ensure each employee uses a secure wi-fi connection and adheres to mobile device management guidelines or BYOD policy. When things go wrong, which they will, thank people for their integrity and don’t dwell on mistakes.


Ok, so you’ve been hacked. Thankfully, you have an Action Plan.

No Action Plan? Ok, let’s triage.

Is it too late to call us? Absolutely not. We can help. 212-689-7911.

Stay online. Your first instinct is probably to go dark. Don’t. This will immediately alert the hackers that you’re on to them. They will do as much damage as possible and vanish.

Stop the bleeding. Identify the parts of your system that are impacted and isolate them from the rest of your network.

Close the loophole. Figure out how the hackers gained access and close that entry point immediately, even if the damage is still spreading within. No sense leaving the door open for other bad actors to walk through.

Notify law enforcement. This can feel like relinquishing control, and in a sense it is, but it goes a long way toward preventing future cybercrimes and offers some legal protection. When it’s time to notify your customers, they will appreciate knowing that you’ve taken ownership, which will help mitigate damage to brand perception.


Once you are absolutely certain that your system is safe, go ahead and restore data from back ups. Assess how you responded to the attack and communicate clear steps you will take to prevent future security breaches. Revise – or draft your first – Action Plan.

mac-tech anonymous profile

“Much like investing, or the daily calibrations we each make with respect to Covid-19, your risk management profile involves a thorough, brutally honest assessment of what you can and cannot tolerate in terms of risk to your business.”