Cyber-Breach Planning for Small Businesses

While most small-business cybersecurity-planning rightfully focuses on preventing breaches, it’s also prudent to create a response plan in the event a cyber incident is discovered.

Given the increased severity of the cyber threat and the fact that small businesses are a consistent target for hackers, taking time to plan an effective response can go a long way in mitigating the unwanted effects of a cyber breach.

According to published statistics, 58 percent of reported data breaches affect small businesses annually. This makes the idea that a company would be too small to be attacked, wishful thinking; and highlights the importance of a small business developing a response plan without the stress and time pressures that will be present during a breach.

Your small-business response plan should have three primary objectives:

• Recovering any compromised data
• Restoring business operations
• Notifying anyone affected by the breach

As you start the process, your plan has to identify what a breach looks like. This may vary according to any industry or compliance requirements your company may fall under, but in general terms, a breach will involve the loss or compromise of personally identifiable information about customers, employees, or suppliers; or the loss or theft of the company’s financial, trade secrets or other confidential information.

A number of sample response plans and planning templates are available, including one from the National Institute of Standards and Technology (NIST). NIST offers a series of guidelines covering preparation, detection, containment and recovery, and post-incident activity.

A key aspect in any plan will be identifying your most important data, and trying to restore that data first. It’s critical to have an online backup plan that is always running, and to periodically make sure that plan is backing up your critical business data as you think it is.

Data recovery is often the most important aspect in getting your business running after a breach, and can make the difference in your company’s ultimate survival after the breach.

Define Your Team

It’s also important to establish a team to help coordinate your response-planning as well as to carry out that plan. You want to identify who’s going to do what, and what they’re going to say, as an incident is uncovered and your recovery begins. For instance, it will be important to inform employees, customers, suppliers, and potentially law enforcement.

You’ll probably also need to identify and alert external resources such as your IT consultant, your attorney, and if you have cyber insurance, your agent or broker. Getting legal advice during a breach can be helpful in informing your company whether the breach has triggered a notification requirement, and can potentially help mitigate other effects of the breach.

It’s also important to understand that your plan needs to be reviewed periodically, such as annually, to make sure the outlined threats and contact information for team members are all current. Ransomware has emerged as a leading threat in the past few years, for example; in your plan you should consider circumstances in which you may choose to pay a ransom (and how much).

Reviewing this data will be a helpful step in making sure your cyber-response plan reflects your company and its needs accurately, and that your company is better positioned to respond to a cyber breach.