What to Do if Your Business Faces a Cyber Attack

Make sure you know what to do if your business faces a cyber attack. Learn about your risks and how to prepare yourself and your business.

National news and media may focus headlines on larger-scale cyber attacks, but businesses of all sizes are equally at risk. Small businesses typically have less robust digital security systems than larger corporations and therefore become prime targets for cyber criminals.

Cyber attacks can be especially devastating for small businesses, costing an average of $950,000 in restoration and legal fees before even counting losses incurred in the data breach.

A breach of your business’ digital databases and finances can jeopardize the operations of your company as well as your employees’ and clients’ safety. In the event your network is attacked, be sure you’re prepared and know what to do.

Create a Cyber Security Incident Response Plan

Prepare Your Business and Your Staff

• Identify who will be your first responders in the event of an attack on your company. You may have an in-house IT department or use a vendor for technical support. Either way, ensure everyone on your response team is prepped and ready to handle even the most adverse of digital attacks.

Use Early Detection and Scanning Software

• Experts recommend having “proper monitoring in place that provides constant and comprehensive coverage of your network” (The Hartford, 2021) and have an escalation process in place to handle both major and minor events. Enable security software to scan your systems regularly for malware and viruses and use a VPN to access company databases whenever possible.
• Consider an investment in Endpoint Detection and Response (EDR) technology.

Enable Your Team to Identify and Contain Any Anomalies

• If an attack is detected or you believe a network has been hacked, isolate the infected system and identify the cause of infection. Have your IT team or vendor step in to respond to the incident and stop any suspicious activity or malware from spreading. Communicate emergency protocols with your staff to alert everyone of the system compromise.

Eradicate and Repair

• Your IT team or vendor will work to block and remove the invasion from your network and find any holes or vulnerabilities remaining in your system. Your operations may be halted while the extensiveness of the breach is investigated. At this time, it’s important to have a plan ready to protect your company’s brand and image in the event private data or client information was compromised.

Review the Severity of the Incident and Identify Next Steps

• Once an incident is contained, be prepared to address your staff internally with what happened and how another incident can be avoided. If the data breach impacted any third-party businesses, clients, or vendors, be ready to publicly address what happened and the steps your company will take to prevent another breach. At this time (and depending on the severity of the attack) you may need to bring in forensic investigators and hire a legal team. If private data or confidential information was compromised, prepare yourself for any impending lawsuits and further investigation.
• Refer to the Data Breach Response: A Guide for Business from the Federal Trade Commission for detailed action items

Put Your Incident Response Plan into Practice

Your Incident Response Plan (IRP) should be tailored to your specific business keeping in mind the size of your company and the risk you face. Consider how and where your data is stored, the accessibility of your network, and the security of your workforce.

Ensure all employees accessing company files and databases online are educated in basic cybersecurity etiquette and enforce multi-factor authentication (MFA). Review your IRP with your staff and conduct periodic training sessions with your response team.

Cyber security planning resources:

• Data Breach Response Plan (Template)
• Small Biz Cyber Planner 2.0

Ensure Comprehensive Coverage

Your IRP is what you do in the event your protection measures fail and a cyberattack occurs. When an attacker breaks through your best security measures, you want to be sure your business is protected and covered for all losses and liabilities you may face.

Consider purchasing or expanding your cybersecurity insurance coverage before you experience a devastating attack on your company and assets. In the event of a loss, cyber insurers employ a team of breach coaches, computer forensic analysts, and legal experts to help you respond and recover to a cyber incident.

If you find yourself in the vast majority of small businesses operating at high risk and without the protection of proper cyber insurance, plan proactively and speak with our experts today at Morris & Garritano. Together we can build a comprehensive policy to fit the unique needs of your business to protect yourself, your organization, and your assets.