Don’t Pull the Plug! What to Do (and Not Do) During a Cybersecurity Incident
When Cybersecurity Strikes: Why Your First Reaction Could Make Things Worse
In the middle of a crisis – computers locking up, strange error messages, or files suddenly encrypted – your instincts kick in.
Unplug everything! Shut it down!
But pulling the power or shutting devices down during a cybersecurity incident can actually do more harm than good.
At Lifeline Technology Solutions, we’ve seen firsthand how well-meaning actions during an IT emergency can make recovery harder, not easier. In this quick guide, we’ll explain why – and what you should do instead.
Why “Turning It Off” Could Hurt Your Cyber Response
During a ransomware attack or other cyber breach, key forensic information is stored in system logs. These digital footprints help IT teams and cybersecurity experts:
- Understand what happened
- Contain the attack
- Restore data safely
- Support any insurance claims or legal processes
If you power off servers or devices, these logs can be corrupted or lost – sometimes permanently. That can slow down the investigation, reduce your chances of full recovery, and even jeopardize your cyber insurance claim.
What You Should Do Instead
If you suspect something is wrong:
- Disconnect from the network or Wi-Fi (this isolates the threat without losing critical system information).
- Leave devices powered on.
- Call your IT provider or cybersecurity team immediately.
- Don’t click, open, or engage with anything suspicious.
- Document what you see (screenshots, error messages) if safe to do so.
Prepare Before an Incident Happens
The best way to handle a cybersecurity event is to prepare in advance. This includes:
- Having an up-to-date cybersecurity incident response plan
- Regular backups (with offline copies)
- Employee awareness training to spot phishing and ransomware
- A trusted managed IT support partner you can call without delay
A Simple Analogy: It’s Like a Crime Scene
Imagine walking into a robbery and cleaning everything up before the police arrive. In doing so, you could erase the very evidence that’s needed to catch the culprit.
Cybersecurity is no different. Preserving the scene (in this case, the logs and system state) is critical.
Don’t Panic – Call the Experts
We know IT emergencies can be stressful. That’s why our Lifeline team is here to help you prepare, respond, and recover – without making costly mistakes.