
How to Respond to a Cyber Attack on Your Business: A Step-by-Step Guide

Updated: 6 days ago

A cyber attack on your business can unfold in minutes—but the consequences can last months or even years.

Whether you're facing ransomware, data theft, account compromise, or a system outage caused by malware, the key to limiting damage lies in a fast, structured response.

At STORM Guidance, we work with businesses of all sizes to guide them through cyber incidents—providing the clarity, confidence, and technical support needed to recover fully and build long-term resilience.

Here’s what to do immediately if you think your business is under attack:


1. Isolate the Threat


Time is critical.

  • Disconnect infected devices from the internet and your network (wired or wireless).

  • Disable remote access systems (like VPNs or RDP) to stop further spread.

  • If possible, don’t power off systems: volatile memory (RAM) may hold evidence needed for investigation, and its contents are lost when the machine shuts down.

Containment should be your first priority. The faster you isolate the attack, the less it can spread.

 

2. Notify Internal Stakeholders


Alert your internal team:

  • IT or security personnel (if available)

  • Senior leadership

  • Legal and compliance contacts

  • Communications/PR teams if the breach is potentially public

Open internal comms channels and designate a central point of coordination. Clarity is essential during the early response.

 

3. Engage a Cyber Incident Response Expert

Cyber attacks often involve complex forensics, legal risk, and in some cases, contact with threat actors.

Don’t try to manage it alone. STORM Guidance provides full incident response support, including:

  • Technical containment and investigation

  • Legal and regulatory coordination

  • Client and stakeholder communications

  • Threat actor engagement, if the attack includes ransomware or extortion attempts

This ensures you can respond confidently, legally, and with the least possible disruption.


 

4. Assess and Preserve Evidence

You'll need to understand how the attack happened and what was affected.

  • Preserve logs, email headers, file samples, and ransom notes (if relevant).

  • Avoid deleting or restoring systems until instructed—this could destroy vital evidence.

  • Begin a forensic investigation to determine scope, timeline, and root cause.
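One way to carry out the preservation step above, shown as an added example rather than STORM Guidance's own tooling: copy each evidence file into a separate store, record its SHA-256 hash in a manifest, and re-check those hashes later to show nothing has changed. The function names, manifest layout, file names and collector name are assumptions made for this illustration.

```python
import hashlib, json, os, shutil, stat, tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def preserve(sources, store, collector):
    """Copy evidence files into `store` and write manifest.json describing them."""
    store = Path(store)
    store.mkdir(parents=True, exist_ok=True)
    entries = []
    for n, src in enumerate(Path(s) for s in sources):
        digest = sha256_file(src)              # hash the original before copying it
        dest = store / f"{n:04d}_{src.name}"   # index prefix avoids name collisions
        shutil.copy2(src, dest)                # copy2 keeps the original mtime
        if sha256_file(dest) != digest:        # file changed mid-copy, or bad copy
            raise OSError(f"copy of {src} does not match the original")
        os.chmod(dest, stat.S_IRUSR)           # preserved copy is read-only
        entries.append({"source": str(src), "stored_as": dest.name, "sha256": digest,
                        "collected_utc": datetime.now(timezone.utc).isoformat()})
    manifest = {"collector": collector, "entries": entries}
    (store / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def verify(store):
    """Return stored file names that are missing or no longer match the manifest."""
    store = Path(store)
    manifest = json.loads((store / "manifest.json").read_text())
    return [e["stored_as"] for e in manifest["entries"]
            if not (store / e["stored_as"]).is_file()
            or sha256_file(store / e["stored_as"]) != e["sha256"]]

def demo():  # constructed sample evidence, followed by a simulated later change
    with tempfile.TemporaryDirectory() as tmp:
        log, note = Path(tmp, "auth.log"), Path(tmp, "README_RECOVER.txt")
        log.write_text("constructed sample: failed login for admin from 192.0.2.10\n")
        note.write_text("constructed sample ransom note text\n")
        store = Path(tmp, "evidence")
        preserve([log, note], store, collector="j.doe")
        before = verify(store)                 # nothing has changed yet
        changed = store / "0001_README_RECOVER.txt"
        os.chmod(changed, stat.S_IRUSR | stat.S_IWUSR)
        changed.write_text("edited after collection\n")
        return before, verify(store)
```

Because `verify` trusts `manifest.json`, record the manifest's own hash somewhere outside the affected environment, such as the incident log.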



 

5. Identify and Prioritise Impacted Assets

Work with your IT and response teams to assess:

  • What systems or data have been compromised?

  • Is sensitive client, employee, or operational data involved?

  • Can you safely isolate and restore from backups?

This triage phase informs your communication plan and recovery strategy.

 

6. Communicate Internally and Externally

Transparency matters—but timing and messaging are critical.

  • Notify regulators or data protection authorities if required (e.g. ICO in the UK).

  • Communicate with customers, suppliers, and partners as needed.

  • Prepare holding statements or press responses if there's a risk of media exposure.


STORM Guidance supports crisis comms planning during active incidents.



 

7. Begin Secure Recovery

Once the attack is contained and understood:

  • Restore clean systems from verified backups

  • Apply patches and reset credentials across systems

  • Monitor for persistence or re-entry attempts


Don’t just return to normal—harden your environment during recovery.



 

8. Review, Report, and Rebuild Resilience

Every incident is a learning opportunity:

  • Conduct a full incident post-mortem

  • Review what worked—and what didn’t—in your response

  • Update your incident response plan

  • Schedule user training, system upgrades, and tabletop exercises



 

Need Help Now? STORM Guidance Is Ready

Whether you’re responding to an attack right now or preparing for future threats, STORM Guidance is here to support you.

We provide:

✔ 24/7 incident response

✔ Forensic analysis and secure recovery

✔ Legal and regulatory guidance

✔ Strategic communications support

✔ Long-term resilience planning



 

Act Fast. Stay Focused. Recover Smart.

A cyber attack can feel overwhelming—but with the right plan and support, it doesn't have to be devastating.

The key is to act quickly, communicate clearly, and work with trusted experts to regain control.

STORM Guidance helps businesses respond with confidence — from containment and recovery to ransomware negotiation and threat actor engagement, where needed.





