Planning Incident Response for Small- and Medium-Sized Businesses
The need for cybersecurity is undeniable. The aftermath of a cybersecurity incident can cause intellectual property theft, a damaged reputation, productivity loss, business disruptions, and recovery expenses.
Every business is a target for hackers, regardless of size. Yet according to a recent Cyber Security Breaches Survey, 70% of small and medium-sized enterprises (SMEs) do not have a formal incident response plan in place. This puts these businesses in the crosshairs of hackers.
Incident and breach responses are something SMEs should not ignore. While a large business can absorb a loss, a smaller business likely won’t be able to. Here are six steps to incident response.
1. Preparation
The first step is setting up the infrastructure for your incident response plan. This involves identifying what systems and data are at risk. Then, you need to put security software in place to protect these systems and alert the people responsible for responding to cybersecurity incidents.
2. Identification
Identifying when systems are at risk is not only the job of security software, which should log details on breaches and incidents, but also of any employees who work with your systems.
Sometimes new threats slip past even the best software. Employees should be educated on what types of suspicious incidents they should report and what information they need to collect for the incident response team. They should be regularly reminded of which form to fill out or whom to email if such an incident occurs.
3. Containment
Once a cybersecurity incident has been identified, it’s time to do damage control. This could start with isolating the targeted system from the rest of the network or disconnecting a network cable to prevent further infection of your systems.
4. Removal
After a cybersecurity threat has been contained, it is time to remove any suspicious files, registry keys, and user accounts that contributed to the incident. The root causes of the incident need to be removed to prevent it from happening again.
5. Recovery
Once the issues behind the incident have been repaired, it is time to restore the system from backup. Make sure all security software is running and up to date, and run security tests to ensure the security holes responsible for the incident are plugged.
6. Review
The final step of incident response should be reviewing and documenting what occurred. Every incident is unique, and you can learn from each one. Writing this information down where others can access it will mean quicker responses to future incidents.
Incident response is something SMEs need to keep at the top of their priority list.