Emergency Breach Response 

What to do in the event of a Cybersecurity Breach or Attack

Most modern cybersecurity breaches that small and medium businesses see are user-related or user-triggered in some way.

Usually, a password has been compromised, either through phishing or through low password security or complexity. This allows the attacker to gain access to systems or data.

User training and awareness can help hugely to prevent or at least limit the damage this kind of attack can cause.

In the event of a suspected attack or breach, you can follow these simplified steps to help respond correctly.

1) Stay calm and don’t panic.

In a panicked state, users can make poor decisions that can make a situation worse and could in fact increase the damage rather than contain it.

2) Communicate & raise awareness

It is very important to inform users and management of the potential issue. This can help other users avoid making the same mistake and also puts everyone on alert and on the lookout for other potential breaches. Management and relevant departments such as IT services, HR and, if applicable, legal should be contacted straight away, and any IT policies and procedures followed.

3) Contain and secure

Depending on the type of breach, there are several things that you can do. For an email account or web-based system, you can change passwords and block access to the system or prevent login for the affected user or users. For a malware or virus infection, you need to limit its access as best you can. Take the affected computer or computers off the local network or wireless network. This will generally prevent the device from infecting others on the same network or transferring data through the internet. Usually, it is best not to turn off the computer unless advised to do so by the IT services department, as it can prevent the full diagnosis of the attack and its effects. Isolate any critical systems, data or devices to prevent access or damage.

4) Investigate and determine the extent of the breach.

Keep asking questions like “How did it start?”, “When did it start?”, “What was the first indication of a problem?” and “Is any other user or system affected?” Check and test all critical systems and data. Monitor all systems for changes and anything out of the ordinary. Log and document every step from the first instance to the final resolution or findings. Keeping a detailed account can help to determine fully how the breach occurred and how best to handle the situation.

5) Learn, prevent & invest

Learn from the mistake and put systems and procedures in place to prevent it from happening in future. Your IT Services Department should provide a full report and recommendations to increase security in future. Management should always invest to keep the company running at its best level of security to prevent downtime and work outages. Putting in place international standards and practices and gaining cybersecurity certifications like Cyber Essentials & IASME can go a long way to make your company secure.

The above Incident Response Plan aims to reduce the exposures to an organization, customers, employees and partners that arise out of a data theft or data loss incident. It is a guideline to help you respond to a cyber attack, based on security industry best practices and hands-on experience protecting sensitive information and systems for SMEs. It is designed to set the foundation for an incident response strategy that is proactive, pragmatic, and simple to adopt.

Our Locations

DEITG provides nationwide IT services through three fully staffed offices in Cork, Dublin and Sligo.