If Your Business Has a Cyber Attack, Do You Know What to Do?
6 February 2026
Cyber attacks rarely arrive with a warning. One minute everything looks normal. The next, files won’t open, accounts are locked, or suspicious activity starts appearing across your systems.
In that moment, knowing what to do, and what not to do, matters.
Here are the key steps you should take if your business experiences a cyber attack.
Step 1: Stop and contain the issue
Your first instinct might be to “fix” things quickly, but acting without a plan can make the situation worse.
If you suspect an attack:
-
Disconnect affected devices from the network
-
Do not shut systems down unless advised
-
Do not delete files, emails, or logs
Preserving evidence helps identify what’s happened and limits further damage.
This is where Maple steps in immediately. We help contain the incident safely and prevent it from spreading across your environment.
Step 2: Identify what has been affected
Not all attacks are obvious. Some involve data access rather than disruption.
You need to understand:
-
Which systems are impacted
-
Whether user accounts are compromised
-
If data has been accessed, encrypted, or removed
Guessing leads to missed risks.
Maple investigates the incident properly, using logs and monitoring to build a clear picture of what’s been affected and how the attack occurred.
Step 3: Secure access and credentials
Once containment is in place, access needs to be locked down.
This typically includes:
-
Resetting passwords across affected accounts
-
Revoking active sessions
-
Reviewing admin and privileged access
-
Applying temporary access restrictions if required
Maple manages this process in a controlled way to avoid locking teams out unnecessarily while still restoring security.
Step 4: Communicate clearly and calmly
During an incident, poor communication creates more damage than the attack itself.
Staff should know:
-
What’s happening
-
What they should and shouldn’t do
-
Who to report issues to
In some cases, customers or partners may also need to be informed.
Maple supports clients with clear, factual messaging so communication is accurate, timely, and appropriate to the situation.
Step 5: Recover systems safely
Restoration should never be rushed. Systems must be confirmed clean before being brought back online.
This may involve:
-
Restoring data from backups
-
Rebuilding affected devices
-
Validating system integrity
-
Gradually reintroducing access
Maple leads recovery to ensure systems are restored securely, not just quickly.
Step 6: Understand what needs to change
Once operations are stable, the final step is learning from the incident.
This includes:
-
Identifying the root cause
-
Closing gaps that were exploited
-
Improving monitoring and controls
-
Updating processes and training where needed
Maple works with clients post-incident to strengthen their environment and reduce the chance of a repeat attack.
Why having support matters
Cyber incidents are stressful, disruptive, and time-critical. Having a clear response plan and a trusted partner removes panic from the situation and helps protect your business, your data, and your reputation.
Maple supports clients before, during, and after incidents. From rapid response to recovery and long-term improvements, we’re there when it matters most. If you want expert support when it matters most, get in touch with Maple to find out how we can help.
