That horrifying moment when you suspect your Ottawa SMB has been hacked – a ransomware demand, data vanishing, systems locked. Panic is natural, but immediate, correct actions are CRITICAL. When an Ottawa SMB suspects a cyber breach, owners and staff are often unsure of the immediate, critical steps to take. Mistakes in these early moments can worsen the situation or delay effective recovery.
This guide provides Ottawa SMBs with a clear, calm, and actionable first-response plan. You’ll learn how to contain a suspected hack, preserve evidence where possible, and understand why expert help is urgent.
👉 SUSPECT A BREACH IN YOUR OTTAWA SMB? Call CapitalTek's Emergency Cybersecurity Hotline NOW.
CapitalTek provides expert cybersecurity incident response for Ottawa businesses. If you suspect a breach, these initial steps are vital, but contact us immediately for professional assistance.
Acting impulsively may erase evidence or make recovery harder.
This is not about fixing it yourself—it’s about buying time until cybersecurity professionals step in.
Step 1: Disconnect Affected Systems from the Network IMMEDIATELY
How: Unplug Ethernet cables, disable Wi-Fi on suspect PCs/servers.
Why: Prevents malware spread and blocks attackers from moving further.
Step 2: DO NOT Turn Off Affected Machines (Unless Instructed by Experts)
Why: Shutting down can destroy critical RAM-based evidence.
Exception: If ransomware is actively encrypting files, disconnect the network first, then consult experts before powering off.
Step 3: DO NOT Pay Any Ransom Immediately
Why: Paying doesn’t guarantee recovery and funds criminals.
Always consult cybersecurity experts first.
Step 4: Identify and Isolate ALL Potentially Compromised Systems
Look for strange behavior or error messages across your network.
Step 5: Change CRITICAL Passwords from a Known Clean Device
What: Admin accounts, banking logins, and cloud services.
How: Use a trusted computer or mobile device NOT suspected of compromise.
Step 6: CONTACT YOUR CYBERSECURITY / IT INCIDENT RESPONSE PARTNER (CapitalTek)
Why: Professionals have the tools for containment, investigation, and recovery.
What to share: Symptoms, timelines, and any actions already taken.
Step 7: Document Everything You Observe & Do
Record error messages, timestamps, affected systems, and steps taken.
Step 8: Preserve Evidence Without Tampering
Don’t delete suspicious files or run “cleanup tools” until guided by experts.
❌ Don’t try to fix it yourself without expertise.
❌ Don’t plug in USBs or connect other devices to affected machines.
❌ Don’t dismiss the incident as “minor.”
❌ Don’t restore backups immediately without expert advice (they may be compromised).
Forensic Investigation
Uncover what happened, when, and how.
Containment, Eradication & Recovery
Secure your systems, remove threats, and restore operations.
Post-Incident Review & Hardening
Address vulnerabilities to strengthen your defenses.
Breach Notification (PIPEDA Compliance)
If personal data is exposed, you may be legally required to notify affected parties.
Rapid Local Response from Ottawa-based cybersecurity experts.
Experience with Common Threats that target small businesses.
Guidance Through the Entire Incident Lifecycle—from first response to prevention planning.
If your Ottawa SMB suspects a hack:
Disconnect affected systems.
Don’t power off unless instructed.
Don’t pay ransoms.
Change critical passwords from a clean device.
Call cybersecurity professionals immediately.
A cyber breach is a serious emergency. Calm, deliberate action and immediate expert help can minimize damage and speed recovery.
👉 IF YOU BELIEVE YOUR OTTAWA SMB IS UNDER ATTACK, CALL CAPITALTEK'S EMERGENCY RESPONSE TEAM NOW.
For non-urgent concerns or to build a stronger defense, contact CapitalTek for a consultation.