It’s the nightmare no small business owner wants to face: you’ve been hacked. Maybe you’ve spotted suspicious transactions, strange emails sent from your account, or even a full lockout of your system. Take a deep breath. While it’s stressful, there is a clear path to recovery, and the sooner you act, the better.
Key Takeaways:
- Stay calm and don't make quick emotional decisions
- Update your passwords and enable multi-factor authentication
- Report the incident
- Check what data has been compromised
- Become a Cyber Warden and strengthen your defences
Step 1: Act fast (but remain calm) to contain the damage
Scammers are counting on you to panic and make quick, emotional decisions. That’s how they win. Staying calm is your first line of defence.
First, lock it down. Change your passwords immediately (use strong, unique ones!) and enable multi-factor authentication if you haven’t already. If you’ve been locked out of accounts, contact your provider ASAP for recovery options. Disconnect affected devices from the internet to stop further data leaks, and check if your antivirus software has detected any threats.
Next, report the incident. In Australia, head straight to the Australian Signals Directorate’s ReportCyber page to log the cyber crime. It helps authorities track threats and provides guidance for victims. If you prefer to talk to someone, you can contact the Australian Cybersecurity Hotline on 1300CYBER1.
For personal support, especially if sensitive info like your identity or customer data has been exposed, reach out to IDCARE. They offer free, confidential support and tailored advice to help you manage the fallout.
Step 2: Assess the damage
Once you’ve contained the immediate threat, take stock. What systems or accounts were accessed? Has customer data been exposed? Check bank statements, email logs, and cloud storage for any suspicious activity. If customer or supplier details were compromised, you may need to notify them, as well as Scamwatch, to help prevent follow-up scams.

Step 3: Strengthen your defences for next time
After the dust settles, it’s time to fortify your cyber walls. Update all systems and software, review who has access to sensitive data, and consider cyber security tools like endpoint protection or dark web monitoring. Most importantly, invest in training for yourself and your team. Scammers are getting smarter, but so can you.
For simple, practical steps to stay ahead of future attacks, enrol in the free Cyber Wardens training program. Because in cyber security, prevention is always better than cure.