So you've been hacked, now what?

1. Verify that an incident has taken or is taking place.

2. Identify its scope and impact (is it a customer credit card database hack with data stolen or just defacement of a little used information portal).

3. Capture evidence of the attack and any ongoing activity (forensically image workstations or servers, take live analysis of compromised systems, collect logs for network infrastructure."

4. Stop any ongoing compromise.

5. Determine the extent of the damage and plan repair activity.

6. Determine the attack vector and plan remediation of defences.

7. Implement security updates to prevent re-compromise (apply patches, harden vulnerable server, improve firewall rules etc).

8. Implement repairs and restore service.

9. Analyse and investigate available evidence to determine attack timeline and confirm all compromised areas have been identified.

10. Compile evidence into report and pursue legal action.

Disclosure checklist (supplied by Prof John Walker of the ISACA):

If the breach has any actual, or potential to impact on Government Sensitive, or Marked Information Assets then call the relevant agency.

If Personal Information has been impacted which are subject to the controls under the Data Protection Act then consider the reporting channels.

If you have a Corporate Communications Division then consult with them so as to prepare for any potential of adverse reports, or press inquiries.

Always be aware of the relevant local, and International laws and legislations, and their impact on the situation. Report in accord under the guidance of your Corporate Communications Division.

Davey Winder

Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.

Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.

You can follow Davey on Twitter @happygeek, or email him at