In this day and age, it’s not a case of if your business will suffer a cyberattack but when. In the last year alone, ransomware attacks in Australia increased by 15%. All companies are vulnerable to cybercrime – and an attack could happen at any moment.
While this might seem scary, a cyber attack doesn’t necessarily have to mean data loss. If you have the right solutions and processes in place, you can come through a security incident largely unscathed.
As the saying goes: fail to prepare, prepare to fail. To improve your chances of bouncing back from a cyber-attack quickly, you need to have a plan in place.
Typically, these plans are what’s known as incident response plans. Essentially, this is a written cyber security checklist that guides you and your team through how to respond to a security incident.
Incident response plans are invaluable in the fight against cyber attacks. However, research indicates that more than three-quarters of companies don’t have one in place.
How to create an incident response plan
Creating an incident response plan can be challenging if you don’t have internal security expertise. To help you, we have developed this handy guide, which details the key pointers to include in a successful plan.
The plan can be broken down into 6 phases. These are:
- Lessons Learned
Below, we will take a look at each step in more detail.
Your incident response plan should contain roles, responsibilities and actions for each team member of your organization in the event of a breach.
Your employees should be informed about their role well in advance, and you should practice ‘mock’ data breach exercises to ensure that everyone is clear on their duties.
You should also back up your data regularly, so that nothing is lost in the event of a cyber attack.
Note, if you have a small team or are worried about overburdening your people with extra responsibilities, then consider outsourcing your IT security. Your managed service provider can take on the duties of incident response for you, so you can focus on growing your business.
When a breach occurs, the first step is to discover it. You will need to find out when and why the event occurred and what systems were – or are – impacted.
Following discovery, you then need to contain the attack so that it doesn’t spread through your systems. The best way to do this is by disconnecting the impacted hardware from the Internet. If you are a victim of a malware attack, we recommend working with IT security specialists to quarantine the impacted environment.
At the same time as doing this, you should also patch your systems and change all user passwords to prevent further compromise.
Once you are confident that the impacted systems are effectively quarantined, it’s time to eradicate the attack securely. This involves securely removing the malware and bolstering the affected systems so that a breach doesn’t happen again.
Again, we advise working with security specialists here, who can ensure that there is absolutely no trace of malware left in your systems and that they are thoroughly hardened against future attacks.
Recuperation involves returning your business to its usual operations. Depending on the severity of the attack, you may need to purchase new hardware to replace devices that were damaged in the attack.
If you are able to use the devices that were affected by the attack, you should take extra care to monitor these systems for the weeks after the breach to ensure that they are secure.
6. Key learnings
We believe in taking a ‘growth mindset’ approach to cyber security, whereby security incidents are an opportunity to learn and improve. Critical things to consider include:
- Did our incident response plan help us respond to the breach?
- What did our team do well?
- What could we have done better?
- Is there any way this breach could have been prevented?
- What will we do to reduce the likelihood of a similar breach occurring in the future?
Ultimately, an incident response plan is an inexpensive but effective way to improve your company’s security posture. However, limited time and resources can make it challenging to create and manage incident response for small and medium-sized businesses.
That’s why we recommend outsourcing your security to dedicated experts who can take care of security incidents on your behalf.
We’ll handle your security planning, so you can focus on your business
GKM2 can help your Sydney area business with incident response planning and responding to security incidents.
Contact us today to learn more. Call +61 2 9161 7171 or reach out online.