How do you respond to a cyber incident?

May 25th, 2018
Do you know how to respond to a Cyber incident?

Almost all SME’s don’t have the first idea about what to do in the event of a cyber incident. Best practice is to build a cyber response plan, but we understand that this isn’t necessarily something that SME’s have time to develop. So, we thought that it would be beneficial to give you a quick step by step on what to do with a cyber incident.

Step one- Don’t Panic.

Notify your insurers let them know there be a potential claim, they will also then be able to put you in touch with their cyber specialists that can come in and speed up the process and reduce business interruption. If you don’t have an insurer you can still find cyber specialists that may be able to come in and help however, this will come at your own expense.

Step two-  Contain

In this stage it is important that you are able to localise the incident and stop it from spreading across your network.  This can be done by simply removing important hard drives from the network simply disconnect them and ensure that all documents crucial to business operation have been backed up elsewhere in a safe place free from connection. For example, a Cloud back up, this can be arranged at the end of every business day by a cloud provider.

Step three- Assess the Damage

Once you have protected your data you will need to begin the process of identifying what was damaged, does it need replacing, or can it be fixed, and was any data taken? Another crucial part in this step is can you continue to operate or has the incident caused business interruption? This can be something that you are covered for under a cyber policy. In which case they will speak to there incident response to get an idea of cost.

Step four- Notify

A critical step is to ensure you notify the regulator of the breach and ensure that this is done within the allotted period otherwise you will be at risk of a penalty. It is also imperative that you notify all clients and customers of the breach outlining whether or not data was taken. If so, what data was taken and have the business lost any personal identifiable information?

Step five- Rectify

This is the step in which you have to begin fixing the damage that was not only caused by the breach but also the reputational damage that it has caused with clients. Reputation is a fundamental part of any growing business and damage to that can be harmful to your growth. Limiting reputational damage and getting clients back on side is crucial. To do this you may choose to appoint a PR team. This can be an expensive exercise and not all SMEs will have the capital to do this. This is something that can also be covered by Cyber insurance.

Read more on what are your options with cyber insurance?

Back to article