Week 6 – Preparing for a Cybersecurity Incident – 5 Things To Do Now

Cyber-attacks are a growing threat for small and mid-sized businesses (SMBs). Your business is an attractive target because you have information cybercriminals want. In fact according to a recent study, 60% of small businesses will cease operations after a significant cyber-attack due to the overwhelming cost of recovery.

Security begins with preparation and understanding. If you experience a cyber-attack, you want your staff to avoid scrambling during the incident to communicate, get the attack under control, keep operations going, and cover losses. You want your staff to have a ready-to-go playbook that will get your business back on track quickly. There are basic steps you can take to create a plan of action should a cyber incident occur:

  1. Assess your business risk footprint. Identify and document devices and activities of your business that are vulnerable to attack. This includes cloud services, websites, laptops, smartphones, email and social media accounts – any device or service that is connected and supports your critical business operations.
  2. Backup your critical data, and test restoration. Identify systems and data critical to the operation of your business. Critical data includes but is not limited to financials, client lists, customer orders and data, even intellectual property. Ensure your backups are on separate systems, and you have tested the ability to restore this data.
  3. Identify likely potential cyber-attack scenarios. Work with your staff to identify potential cyber incidents that can affect your ability to do business securely and safely. Review, assess and prioritize these potential risks. If you are able to mitigate some of the risks now, do so sooner rather than later to reduce the size of your “risk footprint.”
  4. Draft a plan of action, your incident response plan. Document the various findings you have learned from your risk assessment into an incident response plan. Organizations such as the ones below have sample templates and resources to help you perform these assessments and plan out your plan of action.
  5. Practice your response. Sit down with key staff and suppliers (where required) and practice your incident response plan using different potential scenarios. Ensure the right people are involved in these “table-top exercises.” Document questions and lessons learned by updating the incident response plan. Schedule exercises on a regular basis or when business processes are changed or updated.

You may have heard by now, dealing with a cyber incident is not a matter “if” but “when.” Start by identifying and understanding your most vulnerable processes and systems, work with your staff to mitigate those risks, and draft a plan of action to respond should a cyber incident occur. Ensure you have a cyber incident response playbook ready for your team.

https://www.sba.gov/business-guide/manage-your-business/small-business-cybersecurity

https://staysafeonline.org/cybersecure-business/respond/