Small Business Cyber Security Response and Recovery. Part II – Prepare for incidents
How to prepare for a cyber incident, from response through to recovery
Part 2 – Prepare for incidents
- Identify critical assets, systems, and contacts
Establish what type of digital information is necessary to allow your enterprise to continue its operations. Depending on the type of main business activities this will vary but a certain type of data will most likely be common for all businesses – contact details, email, calendars, and essential documents.
You should also know where this information is stored. Is it on a particular computer on-site – maybe in your office – or is it a remote server? Or maybe it is stored in the cloud, by a third party? Record how this information can be accessed or where it is stored and name at least two people who share this information.
Whatever the case, have a backup policy in place – make regular copies (or preferably copies) of your essential information and make sure you can restore information from it if needed.
Critical systems and processes
Each business will have specific systems and processes which are vital to performing its core functions. For a bank it will be the customer accounting system and, if it is a bank serving the general public, its website or app. For many businesses, it will be the Enterprise Resource Planning (EPR) systems. For yet another company it can be the internet search engine or the website where customers place their orders.
Make sure to identify these key systems and processes.
Mitigating reputational damage
Reputational damage in case of an incident should not be underestimated and once incurred can be difficult to recover. Therefore, make a list of key stakeholders – customers, suppliers, third parties – that you would need to contact depending on the type of incident. For example, if payment data was stolen you would need to contact customers and banks; in case of information leak from corporate accounts – suppliers; and the relevant regulator if personal data was compromised.
- Risk management and cyber insurance
Make discussing organisational risk a point on the agenda of your regular meetings.
Discuss what would happen to your business in case you no longer had access to the critical systems or assets you identified for your business. It is crucial that you understand what is important for your business, why it is important, and what you are doing to protect it.
Prioritise threats to your business – cyber, burglary, theft, flood, legal action, H&S – to see where on this list sits your cybersecurity. This will allow you to be realistic about the steps and efforts (including expense) you take to mitigate the different types of risk.
If you decide to take out cyber insurance, you should understand that such insurance alone cannot prevent an attack. Further, for the insurance to be valid you should understand the scope and scale of the cover provided and ensure that you are meeting the requirements placed on you by the insurer.
- Making an incident plan
Having an incident plan written down and practiced is key to a successfully managed incident if it occurs and the minimising of its impact it has on your business continuity.
Such an incident response plan would include the following:
– Keeping information about critical assets in a safe place
– Having a working and checked backup procedure in place
– – ensure there are at least two people in the organisation who know how to do it
– Assign roles to members of staff, and document who owns what responsibility in the event of an incident, and how they can be contacted
– – understand and document when ownership of action or decisions transfers from person to person.
– Identify at what point senior management needs to be involved
– Make a list of people outside of the business you might need contact to help you identify an incident: hosting provider, IT support services, or cloud services provider
– – have the details of the contract you have with them, including the scope of services covered, how they can help and at what point do you engage with them
– If you have a cyber insurance policy have your insurer’s details at hand including your policy number
– Understand any legal or regulatory obligations you must adhere to and implement
Do you require help with preparing for and dealing with cyber incidents?
If you have any questions or require help or advice on preparing for and dealing with cyber incidents, please contact us at SEQRED.
SEQRED specialises in all areas of cybersecurity including Critical Infrastructure Protection, Cloud Services Security, Audits or Threat Intelligence. For a full list of our services visit our website – www.seqred.pl
Stay safe rather than sorry!
About this guide
The idea for this guide is based on the Cyber Security Response and Recovery Guide for Small Business published by the National Cyber Security Centre, UK. You can access the guide here.