What to Do in the First Hour of a Data Breach
It is 9:15 on a Tuesday. A staff member calls you over. Files will not open, and a message on the screen is demanding money. Your stomach drops. What you do in the next sixty minutes matters more than almost anything that follows.
Some panic is natural. A plan beats panic. Here is how to manage that first hour.
Contain it first
Your immediate task is to stop the spread. Disconnect the affected computer from the network. Unplug the network cable, or switch off the Wi-Fi on that machine. This prevents the problem from reaching other devices.
Do not power the computer fully off unless you are advised to. A shutdown can erase clues that help specialists determine what happened. Simply isolate it from the network and your other systems.
If you suspect additional machines are involved, disconnect those as well. Slowing work for an hour is far preferable to losing everything by lunch.
Call for help and write it down
Now bring in the people who can help. Contact your IT provider immediately. If someone is already monitoring your systems, as we do through our managed IT services, they may already be responding. The sooner a professional engages, the less damage you face.
Begin a simple log as events unfold. Record the time you noticed the problem, what appeared on screen, and the actions you have taken. Photograph any messages with your phone. This record assists your IT team, supports an insurance claim, and helps the police if it comes to that.
Do not pay a ransom on your own. Do not delete anything. And hold off on emailing the whole company, since that can spread alarm and tip off the attacker.
Who else needs to know
Once the situation is contained, consider who must be told. In Ontario and across Canada, the law often requires you to notify individuals whose personal data was exposed. Privacy rules can carry real penalties for staying silent.
Your IT provider and a lawyer can guide you here. The principle is to be honest and prompt. Customers forgive a breach that is handled well far more readily than one that is concealed.
The best time to prepare is before any of this happens. A short IT assessment shows where you are exposed, and our FAQs answer the questions owners ask most.
FAQ
Should I pay the ransom?
Usually no, and never on your own. Payment does not guarantee the return of your files, and it identifies you as a willing target. Consult a professional before deciding anything.
Who do I have to notify after a breach?
Often the affected individuals and a privacy regulator, depending on what data was exposed. Canadian privacy law sets out notification requirements. A lawyer or your IT provider can walk you through them.
How do I know if it’s a real breach or a fake warning?
Some pop-ups are scams meant to frighten you into calling a fraudulent number. When in doubt, do not click or call. Contact your trusted IT provider and let them assess it.
Can a backup save me from ransomware?
A sound, tested backup is your strongest defence. If your files are locked, you can restore clean copies rather than pay. That is why backups matter so much.
Do not wait for a crisis to find your weak spots. Call us and we will build a straightforward response plan before you ever need it.