
What to Do After a Cyberattack

4 August 2020

How To Deal With a Cyberattack

With a growing proportion of the global economy and communication moving online, more and more companies are at risk of falling prey to a wide range of cyberattacks. Digital threats like malware, social engineering schemes and phishing scams are responsible for an ever-increasing cybercrime rate.
This makes it crucial for companies of all sizes to have a business disaster recovery plan in place to mitigate and alleviate any losses if such an event occurs. 
Recovering from a cyber security incident can be challenging, especially if you have lost information that was critical to your business operations. The good news is that you can limit the amount of damage to your company by developing a robust IT recovery plan in advance and by testing its effectiveness. 
However, if your business has already fallen victim to a data breach and you need to know what to do after a cyberattack, Redpalm have compiled a list of steps to assist you in minimising and containing the damage.
Let’s take a look at how this can be done.

  • Limit and Control the Extent of the Data Breach

After an attack, the first thing you should do is work out which servers and IT equipment have been compromised. Once you have that information, contain the spread of the breach as swiftly as you can by securing endpoints, devices and servers that aren’t affected by the attack. 
Below is our list of things you can do immediately to contain and limit the spread of the breach:

  • Disconnect your internet connection
  • Restrict remote access
  • Fortify your firewall settings
  • Install any pending security updates or patches
  • Change your passwords across your business network

Once you’re certain you’ve been compromised, isolate any known compromised devices by taking them off your network. However, if you want any forensics performed on them to identify the source of the attack, DO NOT shut them down, as most forensic data is lost on system shutdown.
Ensure that you create strong new passwords for every affected account immediately. It’s also important that you avoid reusing old passwords or the same password across multiple accounts. This way, if a cyberattack were to happen again in the future, the damage would be restricted to one system or account.
It is understandable that after a data breach occurs, you’d want to delete all your old records and data. However, we highly recommend preserving the evidence to find out how the breach occurred and understand the weaknesses in your infrastructure.

  • Manage the Fallout by Notifying Employees and Managers

Inform your staff about the cyberattack and define clear authorisations for all team members moving forwards. Ensure that both internal and external business communications are monitored and properly encrypted. 
It is crucial for your business that all the employees and teams remain on the same page as your company recovers from the attack. Depending on the extent of the damage, you may wish to seek legal advice to ascertain if, when and how to inform your customers about the data breach. 
If you have been the victim of a data breach, you need to report it to the ICO within 72 hours of discovery. The ICO provides more information on how to report a breach.
Moving forwards, we’d suggest implementing routine security checks and evaluating your response to test cybersecurity incidents, to minimise the likelihood of a similar attack taking place in the future.
Identify the lessons you have learnt and make adjustments to your security response plan to remain prepared. 

  • Analyse and Evaluate the Breach

If your business is a victim of a wider-reaching cyberattack that has infected several other businesses, ensure that you closely follow any developments and updates on the situation. This way you’ll be kept aware of any additional help that is made available. 
Irrespective of whether you are a part of an extensive network breach or a solitary victim, you will need to assess and evaluate the root cause of the cyberattack. You need to find out its basis and point of origin within your business network so that you can safeguard yourself against a similar attack, should it happen again. 
Ask yourself these questions to thoroughly gauge the extent of the breach:

  • Which employees had access to the compromised servers?
  • Which network connections were being used when the data breach occurred?
  • How was the breach initiated?

Check your security data logs on your antivirus program, email providers or Intrusion Detection System to find out the exact moment the attack was initiated. If you are finding it difficult to pinpoint the origin and scope of the breach, the experts at Redpalm can provide assistance. 
We have a team of qualified cybersecurity professionals who will not only help you recover from the breach but also protect your IT environment from being compromised in the future.
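One way to carry out the log check described above, as an added example that is not Redpalm's tooling: it merges antivirus, mail and IDS records onto a single UTC timeline and lists what happened in the window before the first antivirus detection, since the first alert is often not where the breach started. The log formats, host names, accounts and addresses are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample lines; the three formats are assumptions for illustration.
AV_LOG = """2020-07-30 09:14:52 +0100 WS-014 jsmith DETECTED Trojan.Generic invoice.exe
2020-07-30 09:41:07 +0100 SRV-FILE01 svc_backup DETECTED Trojan.Generic update.exe"""
MAIL_LOG = """2020-07-30T08:02:11Z to=jsmith@example.test verdict=delivered attachment=invoice.zip
2020-07-30T08:05:40Z to=akhan@example.test verdict=quarantined attachment=invoice.zip"""
IDS_LOG = '07/30/2020-08:16:30 UTC [ALERT] src=10.0.4.14 dst=203.0.113.50 msg="Outbound beacon"'

# Each parser returns (utc_time, source, entity, detail).
def parse_av(line):
    date, time, offset, host, user, rest = line.split(" ", 5)
    ts = datetime.strptime(f"{date} {time} {offset}", "%Y-%m-%d %H:%M:%S %z")
    # The antivirus logs local time; convert so it sorts correctly with the others.
    return ts.astimezone(timezone.utc), "antivirus", f"{host}/{user}", rest

def parse_mail(line):
    stamp, rest = line.split(" ", 1)
    ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, "mail", re.search(r"to=(\S+)", rest).group(1), rest

def parse_ids(line):
    stamp, rest = line.split(" UTC ", 1)
    ts = datetime.strptime(stamp, "%m/%d/%Y-%H:%M:%S").replace(tzinfo=timezone.utc)
    return ts, "ids", re.search(r"src=(\S+)", rest).group(1), rest

SOURCES = [(parse_av, AV_LOG), (parse_mail, MAIL_LOG), (parse_ids, IDS_LOG)]

def build_timeline(sources):
    """Parse every source and return all events sorted by UTC time."""
    events = []
    for parser, text in sources:
        events += [parser(line) for line in text.splitlines() if line.strip()]
    return sorted(events, key=lambda e: e[0])

def lead_up(timeline, minutes=30):
    """Events from other sources in the window before the first antivirus hit."""
    first_av = next(e for e in timeline if e[1] == "antivirus")
    start = first_av[0] - timedelta(minutes=minutes)
    return [e for e in timeline if start <= e[0] < first_av[0] and e[1] != "antivirus"]

if __name__ == "__main__":
    timeline = build_timeline(SOURCES)
    for ts, source, entity, detail in timeline:
        print(ts.isoformat(), source.ljust(9), entity.ljust(22), detail)
    print("Lead-up to first detection:", [(e[1], e[2]) for e in lead_up(timeline)])
```

Sorting the raw timestamps without converting the antivirus entries to UTC would place both detections an hour late and hide the fact that the outbound IDS alert followed the first detection on WS-014.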

  • Evaluate, Improve and Implement Security Measures

After a cyberattack, it is incredibly important that you update your IT disaster recovery plan, along with your business processes and techniques. This should be tested routinely and rigorously to ensure security and stability. At Redpalm, we conduct these tests in a simulated environment for our cyber security partners to stress test your security processes and ensure your business network is kept as secure as possible from digital threats. 
As part of your business recovery plan, restoring and backing up company data should be the obvious next step. As part of our service, we reinstall operating systems on compromised endpoints as we conduct a thorough scan of your IT environment. Our IT solutions come with backup and disaster recovery solutions that will help your business re-establish and manage data backup easily and efficiently with zero downtime.
At Redpalm, our clients benefit from our comprehensive data protection solutions that ensure the safety and security of their IT infrastructure and equipment including physical workstations, servers and devices.

Get in Touch

Your business cannot predict when, where or how a digital breach will occur, but you can take proactive measures to ensure that you are well-prepared if the worst happens. Putting together tried and tested cyber security solutions, as well as a preventative business recovery plan, is the key to protecting your business and to mitigating the impact an incident could have on it.
Our managed services provide endpoint security that delivers protection in real-time against email threats, malicious links and malware. Our IT solutions consist of the latest security measures with the best host intrusion prevention applications. 
Cyberattacks tend to put your brand’s credibility on the line and we can help you uphold your reputation with our cybersecurity solutions. If you have been searching for professional IT support and cybersecurity services based in Northampton and operating across the Midlands, then give us a call today!
