You are mistaken if you think your small or medium-sized business is safe from a cyberattack. An alarming 58% of cyber losses in 2020 came from small to midsize companies, and 80% of victims were attacked a second time (Cybereason). Moreover, those attacks are severe, costing small companies exorbitant amounts of money and potentially putting them out of business. Consider, for example, the following metrics:
- 85% of breaches involve fooling humans by getting them to click a link or open a file.
- More than 90% of cyberattacks infiltrate an organization via email.
- The average ransom paid by a mid-sized organization was $170,404; this includes downtime, people time, device cost, network cost, lost opportunity, and the paid ransom.
Why Are Small Businesses at Risk?
You might assume that a small business like yours is safe because you do not have enough money to attract hackers. However, hackers do not target companies based on their size—they target them based on their vulnerability. These days, most cyberattacks are automated, with hackers launching bots that scan the internet to find businesses that do not have adequate security protections. That means that your business could be next and that you need an intelligent plan to manage the attack when it happens to you.
What Is an Incident Response Plan?
An incident response plan is a strategy to deal with a cyberattack against your business. The Incident Response Consortium describes this as follows:
"An incident response plan gives you the thought-out guidance you need to effectively manage a cyber-attack, whether malware, ransomware, or a DDoS attack. It will also help you strategically evaluate which aspects of your business are most at-risk and how you can help mitigate damage after a breach. In the end, a strategic and comprehensive incident response plan can be the difference between a thwarted attacker and a multimillion-dollar loss."
How Can My Business Create an Effective Incident Response Plan?
The operative word here is "effective." It is not enough to have a plan in place—the plan needs to be well thought out and carefully executed. Every business is different, and there will be variations in the best way to construct a plan for you and your business.
Every incident response plan should have the following four elements:
1. Perform an Asset Audit
Your first step is to carefully evaluate which of your assets (data, programs, etc.) are most at risk and which would cause the most financial and reputational damage to your business if they were compromised. This process is known as an "asset audit."
Effectively performing such an audit means assigning specific dollar figures to each asset. With this information in hand, you can better prioritize which assets need the most security protections.
2. Determine the Nature of Your Risk
Different companies face different kinds of risks. For example, if you have many employees who use email, your most significant danger might be an email phishing attack. On the other hand, if your company writes software code, you could be at risk of faulty coding that allows a hacker to access one of your client's data files. The specific nature of your company's risk might not be evident until after an attack has occurred. For this reason, many businesses are partnering with IT and cybersecurity experts to help them construct their incident response plans.
3. Construct Your Action Plan
Once you have determined which assets are most critical to your business and the nature of your risk, you need to construct specific policies and procedures that reduce those risks. This detailed action plan is often referred to as a playbook. Your company playbook should include four components: policies to prepare for an attack, procedures to detect an attack, procedures to analyze an attack, and procedures to contain an attack. These policies and practices will guide your people through the phases of an attack.
4. Create an Incident Response Team
Everyone at your business needs to know who to reach out to when there is an issue. The best way to do this is by creating an incident response team with a primary leader and then others with specific roles that all work toward reducing the risk of an incident.
Each team member needs to know how they fit into the incident response plan and which actions and policies outlined in the playbook are their responsibility. Key players on your incident response team typically include the incident response manager, security analysts, public relations champion, and threat researchers.
As cyberattacks against businesses of all sizes become more pervasive, your business needs to take the steps necessary to protect sensitive data, including any customer data stored on your system. Although having the latest cybersecurity tools is an essential first step, those tools are exponentially more effective when paired with a robust incident response plan.