Skip navigation

BLOGWhen You Get Hacked

by Randall CraigFiled in: Make It Happen Tipsheet, Blog, Data, Technology, Trust, WebTagged as: , , ,

Nobody plans on getting hacked, but sadly, it happens all too often. So when it does, the first question will always be “what should I do?”.

When You Get Hacked

While every situation is different, these action points will help you both recover… and reduce the risk going forward. Use this list as a checklist for when it happens, or as the basis for a plan you put together in advance.
• Immediately change all of your passwords to strong passwords, for both internal and external cloud-based systems. Mandate that all staff do the same, as the breach may have originated from anyone whose credentials provided access.
• If there will be a public impact to the hack (due to a data breach, for example), how you react to this will be just as important as the breach itself. Bring in an experienced PR crisis manager.
• Enable Two-Factor Authentication on every system; use a password manager, such as 1Password, or Apple’s built-in password manager.
• Send out a correction on all of your platforms (e.g. web, email, Social Media, etc.) that the hack took place, advising that your account information may been exposed (if this is true), and to be cautious of requests that seemingly come from “you” but appear to be out of character.
• Call key clients, suppliers, and partners on the phone; let them know, and warn them about seemingly inappropriate requests from “you.”
• Review your sent mail or posts by you to identify any clues or specific actions the hacker may have attempted.
• Review your social media for any suspiciously added contacts/connections/followers, and delete them.
• Review your user registrations for any suspiciously added users, especially with admin privileges, and delete them.
• Do a deep virus check both on your computer and others on your computer network, for any malware that was implanted in your system, that may later be activated in a multi-stage attack.
• Review any firewall logs and any automated penetration testing tools for anomalies, and possible sources of a breach. If this has occurred, disconnect all of your computer systems from the internet to reduce the likelihood of a remotely controlled ransomware attack, and get professional IT security help. (They may harden your IT security, restore all systems to a pre-attack back-up, etc.)

• Ensure that all admin access to systems is in the hands of a trusted individual, and that Two-Factor Authentication is enabled.
• Ensure that when an employee (or contractor) is no longer part of the team, that their access is removed immediately. Review all user accounts on all systems, then disable access for any user who is not known or shouldn’t have admin rights. A disgruntled employee may have added “back-door” access to the company’s systems prior to their exit.
• Use firewalls to prevent unauthorized access. This can include physical firewalls after the router, firewalls on individual computers and servers, as well as web application firewalls on web-based applications.
• On websites, use tools from Cloudflare (to prevent DNS-based and dDOS attacks), WordFence (WordPress firewall and scanner), and (automated penetration testing).
• Both Microsoft’s mail service and Google’s Workspace (formerly Gsuite) mail service offer better malware protection than any other mail service. Change your system to one of these if you are using an ISP-based email system, or if you don’t have the resources to keep your on-premise system updated.
• Have multiple back-up systems, including both the cloud and local backup, such as Apple’s Time Machine. Test the “restore” functionality to make sure it actually works.
• Hire an external team to do a security audit on your systems.


The weakest link in the security “stack” is people. If security awareness training for all staff has not taken place recently, then now is the time to set it up.

And one more thing: Before the week is out, do a test on your back-ups: how long will it take to be up-and-running if you had to restore your computers’ data on completely new machine(s)?

Related post: Identify Theft and Email Spoofing

Does this topic resonate? Reach out to Randall: he can present it to your group.  (More presentation topics)
Download Randall’s professional credentials: Speaker credentials one-sheet or Management Advisory credentials.

Content Authenticity Statement: 100% original content: no AI was used in creating this content.

@RandallCraig (Follow me for daily insights) Professional credentials site.



Randall Craig

Contact us for more on Randall’s topics, availability, and audience fit.

Back to top