Have a backup and recovery plan in place. Test it regularly.
Get help the right way
If you believe your Web site was attacked, do not post in the Joomla! forums. If there is a vulnerability, publishing that information could put other Web sites at risk. Instead, report possible security vulnerabilities to the Joomla! Security Task Force.