Incident response kit

There are few guarantees in business; unfortunately, one of them is that you are guaranteed to be the target of an attempted cyber security incident, with the chances of attackers successfully penetrating your defences worryingly high. In the UK, 99% of businesses have experienced a security breach in the previous 12 months. This impacts every size of organisation – a small business is just as susceptible as a large enterprise.

Still, having a cyber security incident management plan means you can mitigate the impact of any attack. However, only one in ten firms have a plan in place, suggesting that for the majority, if a breach were successful, they would struggle to contain the damage. With cyber-attacks costing an average of over $1 million, the resulting losses would be significant and, potentially, ruinous for some.

To that end, we’ve put together a five-point incident response kit to help guide SMBs when they’re affected by a cyber security attack. One thing to remember is that it isn’t just an IT issue – as you’ll see, the points below cover everything from technology to legal to reputation, meaning that all parts of the business will need to be involved to help steer the organisation through this testing time.

1. Find out how far the breach goes

Understanding how far the breach goes will allow you to determine which individuals you need to inform and how exposed your business is. This isn’t a deep dive – speed is of the essence, so you need to identify how badly affected you are and communicate that as required as quickly as possible.

2. Assess the impact under the EU GDPR*

Since 25th May 2018, the General Data Protection Regulation (GDPR) has revolutionised how organisations need to handle incidents involving personal data. One of the changes includes who businesses need to notify and when; certain types of personal data breach must be reported to the relevant supervisory authority within 72 hours of becoming aware of the breach. Not only that, if the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, the affected individuals must also be informed quickly. The days of being able to ignore a breach, or get everything completely clear before informing anyone, are gone.

In the event you have identified that the breach affects customers from an EU member state, assess the impact of the breach under GDPR.

Be prepared, as well, for questions on when you became aware of the breach, as it is likely to be a key point of interest with authorities to determine whether you have responded properly within the designated time. The UK’s Information Commissioner’s Office has a good introduction to GDPR, as well as a self-assessment checklist for data protection.

*If you are not handling personal data of EU citizens and/or are located outside of the European Union, you should assess your exposure against applicable national data protection (or other) laws which regulate, for example, the processing of personal data and the handling of data breaches.

3. Move to plug the hole

If the attack has come from outside, it’s likely that it’s from a piece of software that hasn’t been updated, human error, or an out-of-date security system. Whatever it is, find it and take steps to plug the hole, whether that’s updates, disconnecting that part of the system if possible, or communicating cyber security principles to your staff and instigating training as necessary.

4. Examine what was exposed

Now’s the time to dive in. You need to review all your affected systems to check exactly what’s been affected, what’s been exposed and if there’s a chance of it happening again – the code used in the attack may be lingering, for example, or the virus not completely removed. Having a complete understanding of the impact of the attack may not make for pretty reading, but it will help you learn, help you communicate transparently and inform the steps you take to mitigate the financial impact, whether that’s through revised targets or increasing activity. This needs to be detailed and thorough and may require external experts to help out.

5. Reputation management

There is a good chance that suffering a security attack might have an impact on your customers’ confidence. How far that goes is down to how you communicate. Being upfront is now a legal requirement, but it has always been the best way to manage a situation. Stating clearly what’s happened, what you know, what you are doing to fix the situation and how you are going to help those affected by your breach will immediately establish a perception of an organisation in control. Without that, customer confidence will be continually undermined. Of course, once you have said what you are going to do, you need to do it, otherwise any lingering trust will be eradicated.

These five steps won’t stop you from falling victim to a cyber-attack – for guidance on that, look at these cyber resilience tips – but following them can help mitigate the damage and get your organisation back on the front foot. For more details, speak to a cyber security professional – you can find registered, credible organisations on Cyber Exchange.