Stay Calm — Then Move Fast

Discovering that your business has been hacked is one of the worst feelings an owner can experience. It’s disorienting, frightening, and the natural impulse is either to panic and start clicking everything trying to undo it, or to freeze and hope it resolves itself. Neither response helps. What actually helps is a clear sequence of steps taken quickly and calmly. The damage from a cyberattack almost always gets worse the longer it goes unaddressed — but businesses that respond methodically typically limit their losses significantly. If you’ve been hacked or suspect you have, here is exactly what to do.

Step One: Contain the Damage Immediately

Your first priority is stopping the attack from spreading. Disconnect affected devices from your network right away — turn off Wi-Fi, unplug ethernet cables, or if you’re unsure which devices are compromised, consider briefly taking your entire network offline. If the attack involves your website, contact your web host immediately and ask them to take the site offline temporarily. If it involves a compromised email account, log in from a clean device and revoke all active sessions (most email platforms have this option under Security settings), then change the password and enable two-factor authentication. The goal of containment is simple: stop the bleeding before you start treating the wound.

Step Two: Identify What Was Compromised

Once you’ve contained the immediate situation, you need to understand the scope of what happened. Was it a single email account, your entire network, your website, your point-of-sale system? Check your email sent folder for messages you didn’t send. Look at your website for new pages, redirects, or injected code. Review your financial accounts for unauthorized transactions. Check whether any accounts show recent logins from unfamiliar locations or devices — Google, Microsoft, and most banking platforms show login history in security settings. Understanding exactly what was accessed or altered shapes every decision you make from here. Document everything you find with timestamps, even if it feels tedious — you may need this record later.

Step Three: Change Credentials Across the Board

Once you know which accounts were involved, begin changing passwords systematically — starting with your most critical accounts: business email, banking, your website admin panel, your domain registrar, social media, and any financial or payroll software. Use your password manager to generate new, strong, unique passwords for each. Do not reuse any old passwords. Enable two-factor authentication on every account that supports it if you haven’t already. If you don’t yet have a password manager, now is the time to set one up — 1Password, Bitwarden, and Dashlane are all excellent choices for small businesses. If you suspect your domain registrar account was compromised, enable domain lock and registrar lock as additional safeguards against unauthorized transfers.

Step Four: Clean Up the Affected Systems

For compromised devices, run a full scan using a reputable malware removal tool — Malwarebytes is free for personal use and effective. If a device was seriously compromised, the safest path is often a full factory reset and fresh operating system install, restoring data from a backup taken before the attack. For a hacked website, your web host likely has clean backups to restore from — ask. After restoring, update WordPress (or whatever platform you use), update every plugin and theme, remove any plugins or themes you don’t actively use, and scan for malware using a tool like Wordfence or Sucuri. Change all FTP credentials, database passwords, and hosting panel passwords in the process. Don’t just restore the old version without addressing how the attacker got in — the same vulnerability will be exploited again.

Step Five: Notify the Right People

Depending on the nature of the breach, you may have legal and ethical obligations to notify others. If customer data was accessed — names, emails, payment information, or any other personal information — you may be required by state law to notify affected customers. Washington state has breach notification requirements under RCW 19.255.010 that apply to businesses holding personal data. Contact your business bank or payment processor if any financial credentials were exposed — they can monitor for fraud and may need to reissue cards or account numbers. Report the incident to the FBI’s Internet Crime Complaint Center at ic3.gov, especially if money was stolen. File a report with your local law enforcement as well. If you have cyber liability insurance, notify your carrier as soon as possible — delays can affect coverage.

Step Six: Build a Better Foundation Going Forward

Every business that gets hacked faces a choice: patch the immediate hole and move on, or use the incident as a catalyst to build genuinely better security practices. The businesses that get hit twice almost always chose the first option. Use this as your forcing function to get a password manager deployed across your team, enable 2FA on all critical accounts, establish a regular backup routine (automated, offsite, tested), keep all software updated, and train your staff on phishing recognition. None of these are expensive or technically demanding. They just require the decision to do them.

If your business has been hacked or you want to make sure you’re better protected before something happens, we can help. Manson Bay Digital works with small business owners to build secure, professional digital systems. Reach out through our contact page or call (509) 800-7735 — we’re here to help you move forward with confidence.