Thinking ahead is one way to protect your business, and a cybersecurity incident response plan can help too.
It might sound a little ominous but cyberattacks are commonplace and really hard to predict.
In fact, the amount of cyber-related attacks is increasing, since businesses suffered 50% more cyberattack attempts per week in 2021 compared to 2020 – and many feel unprepared for the threats that lie ahead.
No matter how well-established your business is, even the largest companies with the best cybersecurity support can be compromised.
There is, however, something you can do to make sure your business is better prepared. You need a cybersecurity incident response plan.
What is an incident response plan?
Consider it a set of steps that your business can follow if a cyberattack happens.
When there’s a crisis, chaos and panic can sometimes be the first reaction – especially if you’re coming up against something your business hasn’t dealt with before. By putting a cybersecurity incident response plan in place, you’ll help reduce the risk of poor decision-making, and increase your chances of controlling the damage a cyberattack can cause.
What goes into setting a response process?
Before you put together the full plan, you first need to be clear on what needs to go into it. There are six key steps that are essential, which you can scale up or down depending on your individual business needs:
Preparation: First, carefully think about what you can do to prepare for (and prevent!) different cyberattacks. Do you have an internal or external IT support team who can help if things get technical? Do you have extra safety measures in place, like two-factor authentication, to prevent an attack to begin with?
Identification: This stage allows you to find out the nature of the attack. Whether that’s a ransomware attack that stops you from accessing a system until a ransom is paid, or a denial-of-service attack that stops customers from accessing your website.
Containment: The focus here is on stopping the damage an attack can cause. Carefully consider how you could contain the impact of different attacks. It’s important that you don’t delete everything in a panic, as you might end up erasing precious evidence.
Eradication: Just like the name suggests, this phase deals with completely removing the malware and protecting any weak spots.
Recovery: This phase of incident response is all about getting the system back up and running as quickly as possible, keeping any business-related damages to a minimum – and reducing the impact on your customers.
Reflection: The only way to come out stronger after a cyberattack is to invest your time and attention in the lessons learnt during the breach and how you responded to it.
What does a full response plan look like?
You don’t need to hire a professional to get going. You can easily create one on your own, just remember to include the following key pieces of information:
A description of your company’s incident response team and their responsibilities. You should agree this with your team upfront, so you have a go-to group with defined roles should the plan be needed.
An overview of your company’s incident response process to stop the attack, following the six steps listed above.
How you’re going to protect customer data.
How information will be shared within your company and with the third parties whose data might have been affected.
The steps and procedures you’re going to take for restoring systems to what they were like pre-incident.
The contact information for key people, whether that’s yourself, IT support or the incident response team.
Our main advice? Make sure the plan is easy to understand. You might need your non-technically minded team members to get involved, so the steps need to be clear. If you’re still not sure where to start, there are free templates online that you can use.
What should you do next?
While it’s important to have a plan in place, it’s even more important to test and question it. This will help you see any areas for improvement, as well as gaps that need to be filled. It’s also important to share the plan with your team, to make sure they know what to do if an attack happens, but also to get their feedback if they see any missing areas, or if something isn’t clear.
You must also remember to review your plan yearly. Cybersecurity is changing constantly, and your plan will need to adapt as threats change
Secure your business mobiles from a host of cyber threats.
For more support discover our free business support helpline and speak to one of our Business Advisers by phone, contact form or web chat.
Wondering what you can ask? Our team can help with a range of digital topics