You are the owner of an SME and therefore you can be fairly sure that the following three things apply to you:
- There is a lot more cyber crime than you’re aware of
- The risk caused by cyber criminals is greater than you think
- If you are attacked there is a serious downside
So, unlike many SMEs, you have taken the following steps towards securing your business and making it cyber safe:
- You have created a cyber risk profile
- You have devised and implemented a cyber security policy
- You run regular cyber security staff training sessions
But now, despite your precautions, the unthinkable has happened: you’ve been attacked! Where is your cyber incident response plan?
In the event of a data breach, organisations need to act fast. It’s essential that you and your employees understand the basics of detecting and responding to a cyber security incident. For SMEs, resilience is critical and has a significant impact on customer perceptions. Your business must be able to recover quickly from the financial and operational damage a cyber attack can cause, or you could be exposed to major disruption as well as legal issues. A business continuity strategy and data backup, for example, could save you from lengthy, and potentially fatal, downtime.
Every business needs to develop a comprehensive cyber security incident response plan that defines in specific terms what constitutes an information security incident, and provides a step-by-step process to follow when an incident occurs. It must be detailed, not generic, and it must have depth. Designated members of the team must also have the level of authority they need to make fast, responsive decisions when a breach is detected.
Guidelines for a cyber incident response plan
1. Focus on incidents relevant to your business
In general terms anything that affects the confidentiality, integrity and availability of your products and services is an incident. Within these wider parameters, you have to prioritise the incidents from critical to least acute. While you should have a general idea of every breach that might occur, your plan should focus on action points for the breaches most relevant to your business.
2. Respond with speed
Response times should be within minutes. A service outage on the internet of more than one hour is considered significant. Damage to your business can be magnified by social media.
Notify customers if necessary with a pre-planned response. Make it concise, without speculating on the cause or when service will be restored. Be mindful that there could be legal issues if there has been a breach of sensitive customer information.
4. Identify and contain
Find the initial cause of the incident and assess the impact so that you can contain it quickly.
Limit further damage by isolating the affected systems and taking them offline. If necessary, disconnect from the network and turn systems off to stop the threat from spreading. Otherwise, leave systems switched on so that your IT team can examine the source of the breach.
5. Restore first, find cause later
Once a breach is contained or blocked off, the next step is restoring services. Focus on your customers and get them back online as soon as possible. To minimise downtime and damage to your business’s reputation, examine the root cause of the incident only once services have been restored. Recover from the incident by repairing and restoring your systems to business as usual.
Make contact with legal counsel if necessary, and your cyber insurance agent.
Document every step you have taken for insurance and legal purposes.
Determine the impact the cyber incident has had on your business and assets. Find the root cause of the incident to reduce the likelihood of similar breaches in the future.
Best practices continue to evolve. Therefore your plan needs to be updated regularly to remain viable, reflecting advances in both cyber threats and defences. The best contingency plans are agile enough to adjust over time.
To be viable, incident response plans must not only be kept up to date but also practised. Conduct regular drills of your response plan, even if it’s around the conference table. Drills ensure that everyone understands what they should be doing to respond to a data breach, quickly and correctly. The industry your business belongs to and the threats it faces will determine the frequency of this best practice. Test breaches will help staff remain calm and respond effectively in the event of an actual breach. They will also ensure that responses are automatic without the need to refer to the contingency plan.
Budget for a cyber incident
Every business needs to budget for the IT costs associated with data breach recovery. However, a cyber incident that is inexpertly handled or has a slow response time can also result in indirect costs such as damage to revenue, reputation, or market value. These costs can be mitigated with a comprehensive, up-to-date and regularly drilled cyber incident response plan.
How can you reduce your risk and reduce insurance premiums?
With Dacreed's powerful online compliance training you can train managers and staff in cyber security. Once completed, you'll be able to demonstrate a lower risk profile to our partner insurers and get lower premiums – saving you and your business money.