You’ve Been Hacked! Now What?

By: Raj Patel

November 4, 2022

Predators like lions and cheetahs don’t discriminate, they just prey on the weaker animals. Likewise, hackers prey on the weak. Many small businesses don’t practice effective cyber hygiene and are easy prey for hackers.

According to the National Cybersecurity Alliance:

  • More than 70% of attacks target small businesses
  • Almost 50% of small businesses experienced a cyberattack
  • Small businesses are three times as likely to be targeted by cyber criminals than large companies

“Many small businesses are willing to take the risk of getting hacked.
Are you one of those organizations?”

Today, any organization can get hacked and lose customers’ personal data or disruption of services from a ransomware attack. The difference on the impact from such an attack is dependent upon:

  • Preventive measures to stop the attack – e.g., training employees on phishing attacks, strong passwords, multi-factor authentication, etc.
  • Detective measures to detect the attack and stop it in its tracks – e.g., monitoring systems to block incoming attacks.
  • Respond & Recovery measures to effectively recover from an attack – e.g., having an Incident Response Plan that has been tested

Unfortunately, like the 5 million plus other companies, you got hacked. Now what? An effective incident response and crisis management plan is what you need. The plan would have four critical capabilities:


You can stop the most common cyberattacks. For example:

  • You have trained your employees to not fall for phishing attacks
  • You implement strong cyber hygiene to prevent a hacker exploiting your systems
  • You keep your software and security patches up to date to protect from zero-day attacks
  • You secure your endpoints to protect against data loss and malware
  • You encrypt your data to protect against unauthorized data access


You can detect cyberattacks. For example:

  • You monitor your networks for unusual activities
  • You have implemented intrusion detection systems
  • You review your network logs periodically


You can recover from a cyberattack. For example:

  • You have a document incident response and crisis management plan
  • You have trained your team on your plan
  • You have tested your plan and made appropriate improvements
  • You have access to cyber, forensic and legal experts
  • You have effectively backed up your data and systems


You learn from prior incidents. For example:

  • Your team assessed the cyber incident and provided recommendations
  • You can recover any financial loss from your cyber insurance policy
  • You update your incident response and crisis management plan based on lessons learned
  • You re-train your employees from lessons learned

If any or all of the above parts are missing, your organization will face significant costs to recover. A recent Karpersky Lab report indicated that small and medium-sized businesses will incur $98,000 immediately, $95,000 in the next week and $118,000 after one week. You would also face a long-term of operations disruption or even go out of business. Due to recent regulations, you could face fines or imprisonment for not properly disclosing and addressing any customer data loss.

Don’t wait for the hackers to get you before you take action to implement good steps to respond to a cyberattack. If you lack an effective incident response and crisis management plan, email me at and we will help you.

To learn more about this topic, watch the recorded version of our You’ve Been Hacked! Now What? webinar with the Small Business Association of Michigan (SBAM) coming soon!

Related Posts