7 Top Tips to Help You Respond Effectively to a Cyberattack
- Alternit One
- Apr 9
Updated: 6 days ago

At Alternit One, we understand that experiencing a cyberattack can be stressful and disruptive, especially within regulated sectors such as finance, where trust and data integrity are paramount for compliance and investor trust. Being prepared is crucial.
Carrie Whamond, one of our Founding Partners, and Christ Steele, our CTO, recently hosted a cyberattack scenario workshop at the Northern Trust Integrated Trading Solutions Summit 2025. Here are seven essential tips from that workshop to help you manage and prepare for a crisis and minimise its impact:
1. Quickly establish the scope
When alerted to an issue, such as a team member being unable to access systems, act swiftly and decisively. Use pre-established alternative communication channels (SMS, Conference Bridge, alternative email) to check who has access and who doesn't. Confirming the full extent early on provides a clear picture, enabling your incident management team to respond confidently.
2. Assemble an Incident Management Team
Create a clearly defined Incident Management Team involving senior leadership and essential operational stakeholders. This group should immediately establish a communication protocol, specifying who manages internal communications, external stakeholders, media relations, and liaison with your IT providers. Clearly delegated responsibilities ensure clarity during chaotic moments.
3. Secure alternative access to essential services
If primary systems such as Microsoft 365 are compromised, contingency plans should be implemented promptly. Temporarily disable Single Sign-On (SSO) protocols to regain independent access to critical applications. Consider shifting essential services (like email) temporarily through platforms like Mimecast, and document all temporary measures meticulously to maintain regulatory compliance and simplify eventual reversals.
4. Initiate a forensic investigation
Engage your IT provider or specialist cybersecurity firm immediately to conduct a forensic analysis. Understanding how the breach occurred, the damage incurred, and potential remediation steps is critical for addressing immediate vulnerabilities and preventing future incidents.
5. Clear and prompt communication
Transparent communication with clients, investors, suppliers, and regulators is essential and reassuring. Alert stakeholders quickly if malicious activities occur, such as phishing emails from compromised internal accounts. Share clear instructions on the steps stakeholders should take, and assure them your team is actively addressing the situation. Engaging your PR or marketing team to handle external messaging professionally can help maintain trust and protect your firm's reputation.
6. Prepare comprehensive incident reporting
Detailed documentation kept throughout the cyberattack is both valuable and protective. Record every action, every compromised system, every temporary fix, and every external communication made. Prepare clear declarations to regulatory bodies such as the Information Commissioner's Office (ICO) and financial regulators, ensuring complete transparency. Such documentation will help manage regulatory risks and provide invaluable insights post-incident.
7. Implement robust long-term remediation
Once immediate threats have been contained, focus on long-term remediation. Actions such as resetting all passwords, adopting stringent Multi-Factor Authentication (MFA) policies (e.g., number matching), and regularly providing cyber awareness training (particularly phishing recognition) to staff are key. Strengthening access controls with policies like conditional access (trusted locations/devices only) and DMARC email security standards also significantly enhances resilience against future threats.
A cyberattack presents significant challenges. With clear planning, swift action, and strong internal and external communication, businesses can effectively manage and overcome the incident, strengthening their operational resilience in the process. At Alternit One, our range of cybersecurity services is extensive, from Endpoint Detection and Response to Intrusion Detection Services, along with our openness to work with external third-party security firms or applications. Contact us via info@alternitone.com to see how we can help.