
What To Do If Your Business Gets Hacked

If your business may have been hacked, the first steps are containment, documentation, clean password resets, account review, and qualified help.

Quick Answer

Do not panic, do not keep using affected systems, and do not assume the visible symptom is the whole problem.

  • Contain the issue first
  • Review Microsoft 365 and backups
  • Notify insurance when appropriate

First, Slow Down and Contain the Damage

If your business may have been hacked, the first response matters. Panic causes mistakes. Ignoring the problem makes it worse. The right approach is to slow down, preserve information, contain damage, and get qualified help.

A hacked business may involve malware, ransomware, stolen passwords, email compromise, fraudulent payments, remote access abuse, or a compromised vendor. The response depends on what happened.

Signs Your Business May Be Compromised

  • Users cannot access files
  • Files are renamed or encrypted
  • Email is sending messages users did not send
  • Unexpected MFA prompts appear
  • Passwords stop working
  • Banking or invoice changes are reported
  • Antivirus or EDR alerts appear
  • Unknown remote access tools are installed
  • New administrator accounts appear
  • Systems are unusually slow or behaving strangely

Disconnect Affected Devices When Needed

If active malware or ransomware is suspected, disconnect affected machines from the network. Do not simply keep using them. Disconnecting can help stop spread while preserving the device for review.

Do not randomly wipe systems before understanding what happened. Evidence may be needed for insurance, legal review, or determining the scope of compromise.

Change Passwords Carefully

Password resets may be necessary, but they should be done from a clean device. If a computer is infected with credential-stealing malware, changing passwords from that computer may simply give the attacker the new password.

Check Microsoft 365

Business email compromise is common. Review sign-in logs, forwarding rules, inbox rules, MFA status, connected apps, suspicious sent mail, and administrator activity.

If email was compromised, also review whether customers, vendors, or employees received fraudulent messages.
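
One way to run the forwarding-rule and inbox-rule part of this review, shown as an added example that is not part of the original page or Northern Computer Services' own tooling. It assumes the ExchangeOnlineManagement PowerShell module, an administrator session opened from a clean device, and a placeholder domain list in $InternalDomains that you replace with your own accepted domains.

```powershell
# Added example. Read-only review: nothing here changes or removes a rule.
# Prerequisite: Connect-ExchangeOnline (ExchangeOnlineManagement module).
# Assumption: replace the placeholder below with your own accepted domains.
$InternalDomains = @('example.com')

function Test-ExternalAddress {
    param([string]$Address)
    # Rule targets look like '"Name" [SMTP:user@domain]'; mailbox forwarding
    # looks like 'smtp:user@domain'. Pull out the domain and compare it.
    if ($Address -match '[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+)') {
        return $InternalDomains -notcontains $Matches[1].ToLower()
    }
    return $false   # no SMTP address present (internal directory object)
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # 1. Forwarding configured on the mailbox itself
    if ($mbx.ForwardingSmtpAddress -or $mbx.ForwardingAddress) {
        [pscustomobject]@{
            Mailbox  = $mbx.UserPrincipalName
            Type     = 'MailboxForwarding'
            Rule     = ''
            Detail   = "$($mbx.ForwardingSmtpAddress) $($mbx.ForwardingAddress)".Trim()
            External = Test-ExternalAddress "$($mbx.ForwardingSmtpAddress)"
        }
    }
    # 2. Inbox rules that send mail elsewhere or hide it from the user
    foreach ($rule in Get-InboxRule -Mailbox $mbx.UserPrincipalName) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) +
                   @($rule.RedirectTo) | Where-Object { $_ }
        $hides = $rule.DeleteMessage -or $rule.MoveToFolder -or $rule.MarkAsRead
        if ($targets -or $hides) {
            $external = @($targets | Where-Object { Test-ExternalAddress "$_" })
            [pscustomobject]@{
                Mailbox  = $mbx.UserPrincipalName
                Type     = if ($targets) { 'RuleForwards' } else { 'RuleHidesMail' }
                Rule     = "$($rule.Name) (enabled: $($rule.Enabled))"
                Detail   = ($targets -join '; ')
                External = $external.Count -gt 0
            }
        }
    }
}

# External forwarding first; keep the CSV with the incident documentation.
$findings | Sort-Object External -Descending |
    Export-Csv -Path 'm365-mail-rule-review.csv' -NoTypeInformation
$findings | Sort-Object External -Descending | Format-Table -AutoSize
```

Rows of type RuleHidesMail are review candidates rather than confirmed compromise, since users create delete and move rules legitimately. Sign-in logs, MFA status, and connected apps still need to be reviewed separately.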

Review Backups Before Restoring

If ransomware or destructive activity is involved, verify backups before restoring. Make sure backups are clean, recent enough, and protected from the same compromise.

Notify Insurance and Legal Contacts

If the business has cyber insurance, notify the carrier according to the policy requirements. Some policies require approved incident response providers. Legal requirements may apply if sensitive data was exposed.

Do Not Assume the First Symptom Is the Whole Problem

A locked account, a suspicious email, or one infected workstation may be only the visible part of the problem. Attackers may have created forwarding rules, added accounts, stolen data, or accessed other systems.

Build a Recovery Plan

Recovery should include containment, investigation, password resets, endpoint cleanup, account review, backup restore, security hardening, monitoring, and documentation.

Frequently Asked Questions

Should I turn off a hacked computer?

If active malware is suspected, disconnect it from the network. Whether to power it off depends on the situation and incident response needs.

Should I change passwords immediately?

Often yes, but use a clean device and prioritize critical accounts such as Microsoft 365, banking, remote access, and administrator accounts.

Should I call cyber insurance?

If you have cyber insurance and the incident may be significant, review the policy and notify the carrier as required.

Can backups fix everything?

Backups help restore data, but they do not automatically fix stolen credentials, exposed data, or attacker persistence.

Who should help with a business hack?

Use qualified IT, cybersecurity, legal, and insurance resources depending on the severity and type of incident.

Need Help Securing Your Business?

Northern Computer Services helps Northern Michigan businesses improve security with managed IT, Microsoft 365 security, endpoint protection, DNS filtering, backups, and practical cybersecurity planning.