The holidays are supposed to be quiet — or at least quieter. But cyberattacks don’t take time off. In fact, year-end is prime time for hackers. They count on your office being closed, your guard being down, and your IT support being unavailable.
So, what if you suspect a breach during your holiday closure?
Here’s a clear, plain-English response plan for business owners. No jargon, no panic — just a simple path forward to protect your business, your reputation, and your peace of mind.
Step 1: Pause and Don’t Touch Anything
If you or a staff member sees something suspicious — a fake login page, files that suddenly won’t open, a strange email sent from your account — stop using the affected device immediately.
Don’t keep clicking.
Don’t try to “Google fix” it.
Don’t power down unless you're dealing with ransomware and you need to contain it.
Think of it like a crime scene: the less disturbance, the better.
Step 2: Document What You See
Before alerting anyone, take a moment to note what happened and when. Write it down or take pictures with your phone:
- What device was being used?
- What exactly did the user click or see?
- Were there any strange messages or file changes?
- Who else might be impacted?
These details help IT triage faster — and reduce the time and cost to recover.
Step 3: Contact Your IT Partner or Cyber Insurance Hotline
If you have an MSP (Managed Service Provider), call their emergency number. Don’t just email — during holidays, response time may depend on their alert system, and emails alone could be delayed.
No formal IT partner? Check if your cyber insurance has a 24/7 incident response number. Many do — and responding through them may be required to ensure coverage.
Can’t reach either? Move to the next step, then call first thing when business reopens.
Step 4: Isolate the Threat
If you suspect a specific device is infected, disconnect it from the network (turn off Wi-Fi or unplug the network cable), but do not turn it off unless told to.
This keeps the bad actor from spreading or covering their tracks. Again, think “freeze the scene.”
If it’s an email breach — for example, someone sent suspicious emails from your account — change your Microsoft 365 password from a different device, and turn on multifactor authentication (MFA) if it wasn’t already enabled.
Step 5: Alert Your Team
Tell your team what’s happening, even if it’s after hours. Keep it simple:
“We’ve seen suspicious activity on one of our systems. Please do not use company devices or email until further notice. We’re working with our IT provider and will update you soon.”
Avoid speculation or blame — just keep everyone informed.
Step 6: Prep for Post-Breach Cleanup
When your IT team is engaged, they’ll likely:
- Identify how the threat got in
- Contain and remove the malware
- Restore clean backups
- Review audit logs and user access
- Help notify any affected parties (clients, insurers, regulators)
Your job? Provide them with honest information and ask for a post-incident report. This becomes a key part of your insurance, compliance, and future planning.
Step 7: Turn This into a Turning Point
Once the dust settles, use the incident as a wake-up call. Ask yourself:
- Do we have working backups — and who’s tested them?
- Do we have an up-to-date incident response plan?
- Does every account use MFA?
- Do our employees know how to spot phishing?
- Do we have someone accountable for our IT?
You don’t need a big-city security team to be resilient. You just need clear steps, good partners, and a culture that values preparedness.
Final Thought from DAGI
It’s easy to freeze when something goes wrong — especially over the holidays when support feels far away. But staying calm, documenting what happened, and calling in the right help can make all the difference.
And if you don’t have an IT partner who answers when it counts? That might be your 2026 resolution.
Until then, we are wishing you a peaceful season — and the quiet confidence that comes from being ready, no matter what.






