It’s 3AM and your phone is ringing. A customer can’t access their account on your website. Your email isn’t working. Your staff can’t log into the system. The sinking realisation hits: you’ve been hacked.
This nightmare scenario happens to Australian businesses every day. When it does, the next few hours can make the difference between a minor disruption and a business-ending disaster.
First 30 Minutes: Don’t Panic, Act Fast
Your first instinct might be to start clicking around, trying to fix things yourself. Stop. Take a breath. Every minute counts, but so does doing things right.
Here’s what to do immediately:
- Disconnect affected systems from the internet – Unplug network cables or disable WiFi. This stops the attack from spreading or getting worse.
- Don’t shut down computers – Turning them off can destroy evidence that cyber security experts need to understand what happened.
- Take photos of any error messages or strange screens – Use your phone to document what you’re seeing.
- Contact your IT support immediately – If you don’t have dedicated IT support, call a cyber security professional straight away.
What Not to Do (This Is Important)
When you’re stressed and customers are calling, it’s tempting to try quick fixes. But these common mistakes can make things much worse:
- Don’t try to “clean” infected computers yourself
- Don’t pay any ransom demands without expert advice
- Don’t ignore the problem hoping it will go away
- Don’t post about the incident on social media
The First 24 Hours: Damage Control
Once you’ve contained the immediate threat, focus on three priorities:
1. Assess the Damage
Work with cyber security professionals to understand what data was accessed, what systems were affected, and how the attackers got in.
2. Communicate Carefully
You’ll need to tell customers, staff, and possibly regulators about the breach. But timing and messaging matter. Get legal advice before making any public statements.
3. Begin Recovery
Start restoring systems from clean backups (if you have them). Change all passwords. Update security software. Remove the attackers’ access completely.
After the Storm: Prevention Is Better Than Cure
Every cyber attack teaches valuable lessons. Most successful attacks happen because of gaps in basic security – outdated software, weak passwords, or missing backups.
The businesses that recover fastest are those with incident response plans already in place. They know who to call, what steps to take, and how to communicate during a crisis.
Don’t wait for that 3AM phone call to think about cyber security. A proactive approach protects your business, your customers, and your sleep.
JCPIT offers a free security check to help Australian small businesses identify vulnerabilities before attackers do. Contact us today to ensure you’re prepared for the unexpected.
