Getting hacked is every business owner’s nightmare. One minute everything’s running smoothly, the next you’re locked out of your systems or watching customer data disappear. If it happens to your Manchester business, every second counts.
The harsh reality? 60% of small businesses that suffer a major cyberattack go out of business within six months. But those who respond quickly and correctly often survive and come back stronger.
Here’s exactly what to do when the unthinkable happens.
Immediate Response (First 30 Minutes)
1. Don’t Panic, But Act Fast
Take a breath. Panic leads to poor decisions, and poor decisions make breaches worse. You need to think clearly right now.
Document everything you can see:
- What systems are affected?
- What time did you notice the attack?
- Are you locked out of accounts?
- What error messages are you seeing?
2. Disconnect Affected Systems
This might seem obvious, but many businesses hesitate because they’re worried about losing work or disrupting operations. Here’s the truth: the disruption from isolating infected systems is nothing compared to the damage from letting an attack spread.
Unplug network cables from affected computers immediately. Turn off Wi-Fi on laptops and phones that might be compromised. If you’re not sure which systems are affected, err on the side of caution and isolate anything suspicious.
3. Secure Your Remaining Systems
Change passwords on any accounts that weren’t compromised. Enable two-factor authentication if you haven’t already. Check that your backup systems are running and haven’t been affected.
Many attacks target backups specifically because they know businesses rely on them for recovery.
Assessment Phase (Next 2 Hours)
4. Determine What Type of Attack You’re Facing
Different attacks require different responses:
Ransomware: Your files are encrypted and you’re being demanded payment. You’ll typically see a message explaining how to pay. Don’t pay immediately – there are often other options.
Data Breach: Hackers have accessed customer data, financial records, or confidential business information. You might not even know this has happened immediately.
Business Email Compromise (BEC): Someone has gained access to your email and is potentially sending emails on your behalf or intercepting communications.
Malware Infection: Your systems are running slowly, showing pop-ups, or behaving strangely. This could be spyware, adware, or worse.
5. Check Your Backups
This is the moment of truth. Can you restore from backups? When were they last tested? Are they clean?
If your backups are working and recent, you might be able to restore quickly without paying ransoms or losing significant data. But test them on an isolated system first – some sophisticated attacks corrupt backups too.
6. Preserve Evidence
Before you clean anything, take photos of error messages, ransom notes, or unusual system behaviour. Save log files if you can access them safely.
This evidence will be crucial for:
- Police reports
- Insurance claims
- Understanding how the attack happened
- Preventing future attacks
Communication (Within 24 Hours)
7. Notify Your IT Support Partner
If you work with a managed IT support company in Manchester, call them immediately. They’ll have experience with these situations and can guide your technical response.
If you don’t have IT support, now you understand why every business needs it. But don’t panic – there are still steps you can take.
8. Contact Law Enforcement
Report the attack to Action Fraud (0300 123 2040) and your local police. Cyberattacks are crimes, and law enforcement agencies are building databases to track and pursue cybercriminals.
You’ll need:
- Details of what happened
- Evidence you’ve preserved
- Estimated financial impact
9. Review Your Legal Obligations
Under UK GDPR, you have 72 hours to report certain types of data breaches to the Information Commissioner’s Office (ICO). Personal data breaches that pose a risk to individuals must be reported.
Check what customer data might have been compromised:
- Names and contact details
- Financial information
- Login credentials
- Medical records
- Any other personal information
10. Prepare Customer Communications
If customer data was potentially compromised, you’ll need to tell them. This is legally required and, done properly, can actually strengthen customer trust.
Your communication should:
- Explain what happened in simple terms
- Clarify what data was affected
- Outline what you’re doing to fix it
- Provide advice on what customers should do
- Show you’re taking responsibility
Recovery Process
11. Clean and Restore Systems
Work with your IT support to:
- Remove malware completely
- Patch security vulnerabilities
- Restore data from clean backups
- Test all systems thoroughly
Don’t rush this phase. It’s tempting to get back online quickly, but if you don’t clean thoroughly, the attackers might maintain access to your systems.
12. Strengthen Your Defences
Learn from what happened:
- How did the attackers get in?
- What could have prevented it?
- What early warning signs did you miss?
Common entry points include:
- Phishing emails that staff clicked
- Unpatched software vulnerabilities
- Weak or reused passwords
- Remote access systems without proper security
13. Review and Update Your Security
This attack was a wake-up call. Use it to improve your security posture:
Email Security: Implement advanced email filtering and staff training programmes.
Access Controls: Ensure staff only have access to systems they need for their role.
Network Security: Segment your network so an attack can’t spread easily.
Endpoint Protection: Install comprehensive antivirus and anti-malware solutions.
Backup Strategy: Test your backups regularly and keep offline copies.
Prevention is Better Than Cure
The best time to prepare for a cyberattack is before it happens. Manchester businesses that invest in proper cybersecurity rarely face successful attacks.
Essential protections include:
- Managed IT support with 24/7 monitoring
- Regular security training for staff
- Multi-factor authentication on all business accounts
- Automated patch management
- Professional backup and disaster recovery
Getting Professional Help
Dealing with a cyberattack alone is incredibly stressful and technically complex. Many Manchester businesses try to handle it themselves and make costly mistakes that extend the disruption.
Professional IT support companies have:
- Experience with different types of attacks
- Tools to detect and remove threats effectively
- Established processes for quick recovery
- Relationships with law enforcement and regulatory bodies
- Insurance industry contacts for claims support
The cost of professional help is always less than the cost of getting the response wrong.
Your Business Will Survive This
A cyberattack feels overwhelming when it happens, but remember: thousands of businesses face these attacks every year and most recover successfully.
The key differences between businesses that survive and those that don’t are:
- Speed of response
- Quality of preparation
- Access to professional help
- Willingness to learn from the experience
If your Manchester business faces a cyberattack, follow this guide, get professional help quickly, and focus on getting back to serving your customers safely.
The attack might feel like the end of the world when it happens, but with the right response, it can be just a temporary disruption in your business’s long-term success.
Recovery is possible. You’ve got this.
Need help with your business cybersecurity? Contact our Manchester IT support team for professional guidance and protection.
