[Crawl-Date: 2026-04-11]
[Source: DataJelly Visibility Layer]
[URL: https://griffinitgroup.com/blog/what-to-do-if-business-gets-hacked]
---
title: What To Do If Your Business Gets Hacked
description: Step-by-step guide for business owners: what to do immediately if your company gets hacked. Containment, recovery, and prevention.
url: https://griffinitgroup.com/blog/what-to-do-if-business-gets-hacked
canonical: https://griffinitgroup.com/blog/what-to-do-if-business-gets-hacked
og_title: What To Do If Your Business Gets Hacked
og_description: Step-by-step guide for business owners: what to do immediately if your company gets hacked. Containment, recovery, and prevention.
og_image: https://griffinitgroup.com/griffin-logo-og.png
twitter_card: summary_large_image
twitter_image: https://griffinitgroup.com/griffin-logo-og.png
---

# What To Do If Your Business Gets Hacked
> Step-by-step guide for business owners: what to do immediately if your company gets hacked. Containment, recovery, and prevention.

---

![Business owner at laptop with red ransomware warning screen while IT technician rushes in to provide emergency support](https://griffinitgroup.com/assets/blog-business-gets-hacked-BRLRRhF6.jpg)

Finding out your business has been hacked is one of the most stressful moments any business owner can face. Whether it is ransomware locking your files, a compromised email account sending fraudulent invoices, or customer data exposed in a breach — the first few hours matter more than anything. This guide walks you through exactly what to do, step by step, from the moment you discover a breach through full recovery.

[From Our IT Service Catalogue
Small Business Cybersecurity Services →
Deep Dive](https://griffinitgroup.com/small-business-cybersecurity)

## Why It Matters

The actions you take in the first 24 hours after discovering a cyber attack determine whether the incident remains contained or spirals into a full-scale crisis. Panic-driven decisions — like paying a ransom immediately or wiping systems before preserving evidence — often make the situation worse. Having a clear, rehearsed response process is the difference between a bad day and a business-ending event.

- •The average time to identify and contain a breach is 277 days for organizations without a structured response plan.
- •Businesses that contain a breach within 30 days save an average of $1 million compared to those that take longer.
- •PIPEDA requires Canadian businesses to report breaches involving personal information to the Privacy Commissioner and affected individuals.
- •Preserving forensic evidence is critical for insurance claims, law enforcement, and preventing repeat attacks.
- •Employees who know what to do during an incident reduce containment time significantly compared to ad-hoc responses.
- •Many businesses that suffer a major cyber incident and lack backups never fully recover.

## How to Get Started

1. 1Do Not Panic — Take a breath. Your decisions in the next few hours will shape the outcome. Gather your key people and start working through these steps methodically.
2. 2Isolate Affected Systems — Disconnect compromised machines from the network immediately. Do not turn them off — isolate them. Powering down can destroy forensic evidence. Unplug ethernet cables and disable Wi-Fi.
3. 3Activate Your Incident Response Plan — If you have a documented plan, follow it. If you do not, this guide serves as your emergency framework. Contact your IT provider or managed security partner immediately.
4. 4Preserve Evidence — Do not delete files, wipe drives, or reinstall operating systems yet. Document everything you see: screenshots of ransom notes, timestamps of when you noticed the issue, which systems are affected, and what data may be exposed.
5. 5Assess the Scope — Determine what was compromised. Was it a single workstation, an email account, or your entire network? What data was potentially accessed or exfiltrated? This assessment drives every subsequent decision.
6. 6Notify Your Cyber Insurance Provider — Contact your insurer as early as possible. Many policies have specific notification windows and require pre-approval before engaging third-party forensics or paying any costs.
7. 7Report to Authorities — In Canada, report the breach to the Canadian Centre for Cyber Security and, if personal information was involved, to the Office of the Privacy Commissioner. PIPEDA mandates breach notification when there is a real risk of significant harm.
8. 8Communicate Transparently — Notify affected clients, vendors, and employees as required. Be honest about what happened, what you are doing about it, and what steps they should take to protect themselves.
9. 9Remediate and Recover — Once evidence is preserved and the scope is understood, begin cleanup. Rebuild compromised systems from clean backups, reset all credentials, patch the vulnerability that was exploited, and restore services methodically.
10. 10Conduct a Post-Incident Review — After recovery, document what happened, how it happened, and what changes will prevent it from happening again. Update your incident response plan with lessons learned.

+Change all passwords across your organization, starting with admin and privileged accounts.

+Review access logs to identify how the attacker gained entry and whether they maintained persistent access.

+Engage a third-party forensics firm if the breach involves sensitive data or if your insurance provider requires it.

+Update your cybersecurity controls based on the vulnerabilities that were exploited in the attack.

## Frequently Asked Questions
## Should I pay the ransom if my business is hit with ransomware?
## Am I legally required to report a data breach in Canada?
## How long does it take to recover from a cyber attack?
## Will my cyber insurance cover the costs?
## How do I prevent this from happening again?
## Should I tell my customers about the breach?

## Final Takeaway

Getting hacked is not the end of your business — but how you respond determines whether it becomes a turning point or a catastrophe. Prepare now by documenting an incident response plan, testing your backups regularly, and working with a security partner who can respond when minutes matter.

## Related IT Glossary Terms

[Ransomware
A type of malware that encrypts a victim's files and demands payment (ransom) to restore access. Ransomware attacks can cripple businesses by making critical data inaccessible.](https://griffinitgroup.com/it-glossary/ransomware) [Incident Management
The ITSM practice of restoring normal service operation as quickly as possible after an unplanned interruption or reduction in quality, minimizing the impact on business operations.](https://griffinitgroup.com/it-glossary/incident-management) [Phishing
A cyberattack that uses disguised emails or messages to trick recipients into revealing sensitive information, clicking malicious links, or downloading malware. Phishing is one of the most common attack methods.](https://griffinitgroup.com/it-glossary/phishing)

Cybersecurity

Incident Response

Small Business

Data Breach

Recovery

## Structured Data (JSON-LD)
```json
{"@context":"https://schema.org","@type":["BlogPosting","Article"],"headline":"What To Do If Your Business Gets Hacked","description":"Step-by-step guide for business owners: what to do immediately if your company gets hacked. Containment, recovery, and prevention.","image":{"@type":"ImageObject","url":"https://griffinitgroup.com/assets/blog-business-gets-hacked-BRLRRhF6.jpg"},"thumbnailUrl":"https://griffinitgroup.com/assets/blog-business-gets-hacked-BRLRRhF6.jpg","datePublished":"2026-03-20","dateModified":"2026-03-20","wordCount":2000,"author":{"@type":"Organization","name":"Griffin IT Group","url":"https://griffinitgroup.com"},"publisher":{"@type":"Organization","@id":"https://griffinitgroup.com/#organization","name":"Griffin IT Group","logo":{"@type":"ImageObject","url":"https://griffinitgroup.com/griffin-logo.png"}},"mainEntityOfPage":{"@type":"WebPage","@id":"https://griffinitgroup.com/blog/what-to-do-if-business-gets-hacked"},"isPartOf":{"@type":"Blog","@id":"https://griffinitgroup.com/blog","name":"Griffin IT Group Blog"},"speakable":{"@type":"SpeakableSpecification","cssSelector":["h1",".text-lg.text-muted-foreground"]},"keywords":"what to do if business gets hacked, business hacked what to do, cyber attack response small business, data breach response plan","articleSection":"Cybersecurity","inLanguage":"en-CA"}
```


## Discovery & Navigation
> Semantic links for AI agent traversal.

* [Home](https://griffinitgroup.com/)
* [About](https://griffinitgroup.com/about)
* [Services](https://griffinitgroup.com/services)
* [Blog](https://griffinitgroup.com/blog)
* [Contact](https://griffinitgroup.com/contact)
* [(289) 667-4000](tel:+12896674000)
* [info@griffinitgroup.com](mailto:info@griffinitgroup.com)
* [IT Glossary](https://griffinitgroup.com/it-glossary)
* [Site Map](https://griffinitgroup.com/sitemap)
* [Cybersecurity](https://griffinitgroup.com/small-business-cybersecurity)
* [Managed IT Services](https://griffinitgroup.com/managed-it-services-niagara)
* [Field Services](https://griffinitgroup.com/field-it-services-niagara)
* [Network Infrastructure](https://griffinitgroup.com/network-infrastructure-niagara)
* [Niagara Community Support](https://griffinitgroup.com/niagara-community-support)
* [Thorold](https://griffinitgroup.com/thorold-it-support)
* [Managed IT](https://griffinitgroup.com/managed-it-services-thorold)
* [St. Catharines](https://griffinitgroup.com/st-catharines-it-support)
* [Managed IT](https://griffinitgroup.com/managed-it-services-st-catharines)
* [Welland](https://griffinitgroup.com/welland-it-support)
* [Managed IT](https://griffinitgroup.com/managed-it-services-welland)
* [Niagara Falls](https://griffinitgroup.com/niagara-falls-it-support)
* [Managed IT](https://griffinitgroup.com/managed-it-services-niagara-falls)
* [Fort Erie](https://griffinitgroup.com/fort-erie-it-support)
* [Managed IT](https://griffinitgroup.com/managed-it-services-fort-erie)
* [Grimsby](https://griffinitgroup.com/grimsby-it-support)
* [Managed IT](https://griffinitgroup.com/managed-it-services-grimsby)
* [NOTL](https://griffinitgroup.com/niagara-on-the-lake-it-support)
* [Managed IT](https://griffinitgroup.com/managed-it-services-niagara-on-the-lake)
* [Ajax](https://griffinitgroup.com/ajax-it-support)
* [Managed IT](https://griffinitgroup.com/managed-it-services-ajax)
* [Burlington](https://griffinitgroup.com/burlington-it-support)
* [Managed IT](https://griffinitgroup.com/managed-it-services-burlington)
* [Hamilton](https://griffinitgroup.com/hamilton-it-support)
* [Managed IT](https://griffinitgroup.com/managed-it-services-hamilton)
* [Oakville](https://griffinitgroup.com/oakville-it-support)
* [Managed IT](https://griffinitgroup.com/managed-it-services-oakville)
* [Explore Our Full CapabilitiesIT Service Catalogue — 220+ Services Across 39 Domains](https://griffinitgroup.com/it-service-catalogue)