If you think your small or medium-size business is safe from a cyberattack, think again. According to the Verizon Data Breach Investigation Report, more than 60% of cybercrime—including ransomware, malware and distributed denial of service (DDoS) attacks were aimed at small businesses last year, up from 53% in 2016. Those attacks are serious, costing small companies exorbitant amounts of money, and potentially putting them out of business. Consider, for example, the following metrics:
- On average, cyberattacks cost small businesses between $84,000 and $148,000.
- Three of every five small businesses which are victims of such an attack go out of business within six months
- Despite these dire numbers, an alarming 90% of small businesses have no data protection plan in place
Why Are Small Businesses at Risk?
You might assume that a small business like yours is relatively safe because you do not have enough money to attract hackers. In fact, hackers do not target businesses based on their size—they target them based on their vulnerability. Most cyberattacks these days are automated, with hackers launching bots that scan the internet to find businesses that don't have adequate security protections in place. That means that your business could be next and that you need a smart plan to manage it if it happens to you.
What Is an Incident Response Plan?
An incident response plan is a strategy to deal with, and in some cases, prevent a cyberattack against your business. The Incident Response Consortium describes such methods as follow:
"An incident response plan gives you the thought-out guidance you need in order to effectively handle a cyber-attack, whether it be malware, ransomware, or a DDoS attack. It'll also help you strategically evaluate which aspects of your business are most at-risk and how you can help mitigate damage after a breach. In the end, a strategic and comprehensive incident response plan can be the difference between a thwarted attacker and a multimillion-dollar loss."
How Can My Business Create an Effective Incident Response Plan?
The operative word here is "effective." It is not enough to have a plan in place—that plan needs to be carefully researched and thoughtfully executed. Although every business is different, and for this reason, there will be variations in the best way to construct a plan for yours, in general, every incident response plan should have the following four elements:
1. Perform an Asset Audit
Your first step is to carefully evaluate which of your assets are most at risk, and which would cause the most financial and reputational damage to your business if they were compromised. This process is sometimes referred to as an "asset audit."
Effectively performing such an audit means assigning specific dollar figures to each asset. With this information in hand, you can better prioritize which assets need the greatest security protections.
2. Determine the Nature of Your Risk
Different companies face various kinds of risks. For example, if you have many employees who use email accounts, your most significant danger might be an email phishing attack. On the other hand, if your company performs a great deal of data processing, you could be at risk of faulty coding.
Unfortunately, the specific nature of your company's risk might not be evident until after an attack has occurred. For a reason, an increasing number of businesses are partnering with IT and cybersecurity experts to help them construct their incident response plans.
3. Construct Your Action Plan
Once you have determined which assets are most critical to your business and the nature of your risk, you need to construct specific policies which mitigate those risks. This detailed action plan is sometimes called a playbook. Your company playbook should include several components, such as policies to prepare, detect, analyze and contain an attack, as well as those which will guide your people through the recovery phase in the event of an attack.
4. Create an Incident Response Team
It is important for everyone at your business to know precisely what the role is in preparing for, preventing and responding to a cyberattack. One of the best ways to do this is by creating an incident response team.
Each member of the team needs to know how he fits into the incident response plan, and which actions and policies outlined in the playbook are his or her responsibility. Key players on your incident response team typically include the incident response manager, security analysts, and threat researchers.
As cyberattacks against businesses of all sizes become more pervasive, it is important for your business to take the steps necessary to protect sensitive data, including any customer data stored on your system. Although having the latest cybersecurity tools is an important first step, those tools are exponentially more effective when paired with a robust incident response plan.