
First real security incident, what to do in order

A compromised account or ransomware on a laptop tends to trigger panic. The first minutes decide how big the damage gets. Work through a prepared plan instead of making ad-hoc decisions.

Try this first

  1. Isolate the suspect device or account immediately, before doing anything else: pull the cable and turn off Wi-Fi, or suspend the account.
  2. Change passwords on the affected account and on any accounts tied to the same mailbox or phone. That is usually more accounts than you think.
  3. Document what you see (screenshots, timestamps, error messages) before you clean up. That matters later for the insurer and possibly the authorities.
  4. Assess whether you have a GDPR notification duty toward the Autoriteit Persoonsgegevens. You report a personal-data breach within 72 hours, not 'when we finish investigating'.
  5. Bring in your cyber insurer if you have one. They often want their own forensic team, and that needs to happen before you start cleaning up.
  6. Communicate to affected customers and staff with facts, not reassurances. Honesty builds trust; smooth messages break it.

When to bring us in

Call an incident-response partner immediately if scope is unclear or ransomware is actively encrypting. Vectel can triage and mobilise the right team, but do not wait on this step.
