Your Business Just Got Phished: 7 Critical Steps to Take Right Now
The Moment of Panic: "We Think We've Been Phished"
It's 2:30 PM on a busy Wednesday when Sarah from accounts rushes into your office: "I think I clicked on something I shouldn't have. My email is asking me to log in again, and now I can't access our client files."
Your stomach drops. In that instant, you're facing every South African business owner's nightmare — a potential phishing attack that could compromise your entire operation.
Phishing attacks are hitting SA businesses at an alarming rate, with cybercriminals specifically targeting our local companies through fake SARS notices, bogus banking alerts, and sophisticated social engineering. When it happens to your business, every minute counts.
Step 1: Stay Calm and Assess the Situation
Panic leads to poor decisions. Take a deep breath and quickly gather the facts:
- Which employee was affected?
- What exactly did they click or download?
- What credentials might have been compromised?
- Are other staff members reporting similar suspicious emails?
Document everything with timestamps. This information will be crucial for your incident response and potential insurance claims.
Step 2: Immediately Isolate the Affected Systems
Time is critical. You need to prevent the attack from spreading:
- Disconnect the compromised device from your network — unplug the ethernet cable or disconnect from Wi-Fi immediately
- Don't shut down the computer — this could destroy valuable evidence
- Alert other staff to stop using their computers until you understand the scope
- Check if the phishing email was sent to multiple employees and warn them not to click anything
If you're running a server-based network, consider temporarily isolating it from the internet while you assess the damage.
Step 3: Change All Potentially Compromised Passwords
Phishing attacks often target login credentials. Act fast:
- Change the affected employee's password immediately — do this from a clean, uncompromised device
- Reset passwords for any shared accounts the employee had access to
- Enable multi-factor authentication (MFA) on all critical systems if you haven't already
- Check your email admin console for any suspicious forwarding rules or new devices that have been granted access
For Microsoft 365 users, log into the admin centre and review recent sign-in activity for unusual locations or times.
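A sketch of that sign-in review, added here as an example and not taken from the original article: it compares sign-ins after the click with each user's earlier pattern and flags new countries and odd hours. The record layout, the working-hours window and the incident time (the 2:30 PM Wednesday click from the opening scenario) are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta, timezone

SAST = timezone(timedelta(hours=2))   # South African Standard Time (UTC+2, no DST)
WORK_HOURS = range(7, 19)             # assumption: 07:00-18:59 local is normal

# Constructed sample sign-ins: (user, UTC time, country, IP address).
# A real export from the admin centre will use different column names.
SIGN_INS = [
    ("sarah@example.com", "2024-05-13T06:41:00Z", "ZA", "198.51.100.10"),
    ("sarah@example.com", "2024-05-14T07:02:00Z", "ZA", "198.51.100.10"),
    ("sarah@example.com", "2024-05-15T12:47:00Z", "NL", "203.0.113.77"),
    ("sarah@example.com", "2024-05-15T23:15:00Z", "ZA", "198.51.100.10"),
    ("thabo@example.com", "2024-05-15T09:30:00Z", "ZA", "198.51.100.11"),
]
INCIDENT_START = "2024-05-15T12:30:00Z"   # assumed time of the click (14:30 SAST)

def parse(ts):
    # Accept the trailing "Z" on Python versions whose fromisoformat rejects it.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def review(sign_ins, incident_start):
    """Flag post-incident sign-ins that differ from each user's earlier pattern."""
    start = parse(incident_start)
    baseline = {}                     # user -> countries seen before the incident
    for user, ts, country, _ip in sign_ins:
        if parse(ts) < start:
            baseline.setdefault(user, set()).add(country)
    flagged = []
    for user, ts, country, ip in sign_ins:
        when = parse(ts)
        if when < start:
            continue
        reasons = []
        # A user with no earlier sign-ins has an empty baseline, so every
        # country counts as new for them and gets a manual look.
        if country not in baseline.get(user, set()):
            reasons.append("new country " + country)
        local = when.astimezone(SAST)
        if local.hour not in WORK_HOURS or local.weekday() >= 5:
            reasons.append("outside work hours (" + local.strftime("%a %H:%M") + " SAST)")
        if reasons:
            flagged.append((user, ts, ip, reasons))
    return flagged

for hit in review(SIGN_INS, INCIDENT_START):
    print(hit)
```

A flagged sign-in is a lead to check against what the employee was actually doing, not proof of compromise.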
Step 4: Scan for Malware and Monitor Network Activity
Phishing emails often deliver malware payloads:
- Run a comprehensive antivirus scan on the affected device
- Use a reputable anti-malware tool like Malwarebytes for additional scanning
- Monitor your network traffic for unusual activity — large data uploads or connections to suspicious IP addresses
- Check other devices on your network for signs of lateral movement
If you don't have enterprise-grade security tools, this is where having a managed IT partner becomes invaluable.
Step 5: Secure Your Email Environment
Email is often the primary attack vector and ongoing target:
- Review email forwarding rules — attackers often set up rules to copy emails to external addresses
- Check for new inbox rules that might be hiding malicious emails
- Scan for suspicious sent items — compromised accounts are often used to send phishing emails to contacts
- Enable advanced threat protection if available in your email platform
- Consider temporarily restricting external email while you investigate
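The rule checks in Step 3 and Step 5 can be run as a triage pass over an export of mailbox rules, shown here as an added example that is not part of the original article. It assumes the rules were exported to records using the property names of Exchange Online's Get-InboxRule output; the domain list, folder list and sample rules are constructed for illustration.

```python
import re

OWN_DOMAINS = {"example.com"}   # assumption: your tenant's accepted mail domains
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                  "deleted items", "junk email", "archive"}
FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
ADDRESS = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

# Constructed sample rules; mailboxes, rule names and addresses are invented.
SAMPLE_RULES = [
    {"Mailbox": "sarah@example.com", "Name": "Invoices to finance", "Enabled": True,
     "ForwardTo": ['"Finance" [SMTP:finance@example.com]']},
    {"Mailbox": "sarah@example.com", "Name": ".", "Enabled": True,
     "ForwardTo": ['"x" [SMTP:collector@mail.example.net]'],
     "MoveToFolder": "RSS Feeds", "MarkAsRead": True},
    {"Mailbox": "thabo@example.com", "Name": "cleanup", "Enabled": False,
     "DeleteMessage": True},
]

def external_targets(rule):
    """Addresses a rule forwards or redirects to that are outside OWN_DOMAINS."""
    found = set()
    for field in FORWARD_FIELDS:
        for entry in rule.get(field) or []:
            for match in ADDRESS.finditer(entry):
                if match.group(1).lower() not in OWN_DOMAINS:
                    found.add(match.group(0).lower())
    return sorted(found)

def triage_rule(rule):
    """Reasons a rule needs a manual look; an empty list means none found."""
    reasons = []
    targets = external_targets(rule)
    if targets:
        reasons.append("forwards externally: " + ", ".join(targets))
    folder = (rule.get("MoveToFolder") or "").strip().lower()
    if rule.get("DeleteMessage"):
        reasons.append("deletes matching mail")
    elif folder in HIDING_FOLDERS:
        reasons.append("moves mail to rarely-read folder: " + folder)
    if not any(ch.isalnum() for ch in rule.get("Name") or ""):
        reasons.append("blank or punctuation-only rule name")
    if reasons and not rule.get("Enabled", True):
        reasons.append("currently disabled, keep as evidence")
    return reasons

def triage(rules):
    results = {(r["Mailbox"], r["Name"]): triage_rule(r) for r in rules}
    return {key: why for key, why in results.items() if why}
```

Record flagged rules with a timestamp before removing them, since they are evidence of what the attacker set up.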
Step 6: Assess Data Exposure and Client Impact
Determine what information might have been compromised:
- Review recent file access logs if available
- Check if sensitive client data was accessed during the suspicious timeframe
- Assess whether customer databases or financial records might have been compromised
- Document potential POPIA violations — you may need to notify affected individuals within 72 hours
For professional services firms, this step is particularly critical as client confidentiality is paramount.
Step 7: Report and Recovery Planning
Don't try to handle this alone:
- Report the incident to the South African Cyber Security Hub if it's a significant breach
- Contact your cyber insurance provider immediately — many policies require prompt notification
- Consider hiring a digital forensics specialist for serious breaches
- Document everything for insurance claims and potential legal requirements
- Plan staff training to prevent future attacks
Prevention: Building Your Defence Against Future Attacks
Once you've contained the immediate threat, focus on prevention:
- Implement regular phishing simulation training — staff are your first line of defence
- Deploy email security solutions that filter malicious emails before they reach inboxes
- Establish an incident response plan so everyone knows what to do next time
- Regular backup testing — ensure you can recover if prevention fails
- Consider partnering with an ISO 27001 certified MSP for professional security management
The Reality Check: You're Not Alone
Phishing attacks are becoming increasingly sophisticated, targeting SA businesses with localised content that bypasses traditional security measures. Even well-intentioned employees can fall victim to convincing attacks that reference SARS, major banks, or current events.
The key is having a plan before you need it. Businesses with documented incident response procedures and professional IT support can contain breaches within hours rather than days, significantly reducing damage and recovery costs.
Getting Professional Help
If reading this article makes you realise your business isn't prepared for a phishing attack, you're not alone. Many South African SMEs lack the resources for comprehensive cybersecurity — that's where MiBOT Support comes in.
Our ISO 27001 certified team helps businesses across Gauteng and the North West implement robust security measures and incident response procedures. We've guided dozens of companies through the aftermath of phishing attacks, and more importantly, helped prevent countless others through proactive monitoring and staff training.
Don't wait for the next attack to expose your vulnerabilities. Contact us today to discuss how we can strengthen your defences and give you the peace of mind that comes with professional IT security.