It’s not a question of if but when a business will experience a cyber breach, which means it’s vital to be prepared before one happens.
The first step for a small business experiencing a cyber breach is to enact its cyber security incident response plan.
“If a cyber breach happens, don’t touch anything, call for help,” says Technologies’ Chief Information Security Officer, Alexander Moskvin.
“Engage professionals at the first sign the system has been compromised. They will be able to triage the situation and provide advice about the nature of the event,” he adds.
Having a relationship with cyber security experts in advance is vital so you can act immediately when a cyber breach occurs. The right level of service for your business will depend on its nature and budget.
Some businesses need access to 24/7 support. That includes businesses for which losing access to their data for any period would have a significant revenue impact.
For instance, let’s say a restaurant is the subject of a ransomware attack on a Friday and cannot operate over the weekend. Around-the-clock cyber security support may be essential so it can trade during the busy weekend period.
Other businesses may only require cyber security support during business hours.
Cyber security incident response plans for small business
The federal government has published a guide detailing the steps to follow when a cyber breach occurs. This is a good place to start designing your incident response plan. While the government’s guide may be too comprehensive for most small businesses, it contains many of the essential elements every plan should include.
“A one-page plan will be sufficient for most small businesses,” says Moskvin.
Most plans should include service provider contact numbers to call when a breach occurs.
“If you have cyber insurance, you need to notify your insurance company,” says Moskvin.
It may be appropriate for your plan to also include a protocol for which people in the business are notified, and under what circumstances.
For instance, as a business owner, you may require immediate notification if the breach involves your customers’ personal data, but not necessarily if a virus is detected before it has entered the system.
It’s also often essential to outline the method of communication for different breaches. In the example above, the plan may state you should be notified by phone if customers’ personal data is involved in the breach.
But if a virus is detected, email or SMS notification may suffice.
“It’s up to the company to work through a range of different scenarios and what constitutes a high-risk and low-risk notification to senior management. A traffic light system where different scenarios are classified red, amber and green can help,” says Moskvin.
Steps to follow after a cyber breach
During a cyber security event, it’s vital to keep to the guidance of your cyber security experts.
“Often what happens is users click on a message or pop-up window that says the company’s information has been encrypted and clicking a link will reveal instructions to get access to the data. But this may be just a threat and the system won’t yet be infected. It’s only when the link in the message is clicked that the system will be infected,” advises Moskvin.
If a compromise is confirmed, it may be necessary to notify affected individuals or companies, or the Privacy Commissioner.
While cyber insurance may be essential, it should only be considered a last line of defence.
Small businesses must have an incident response plan and know who to contact in the event of a cyber breach to help reduce any damage and get back on their feet as soon as possible.
Important notice – Steadfast Group Limited ABN 98 073 659 677
This general information does not take into account your specific objectives, financial situation or needs. It is also not financial advice, nor complete, so please discuss the full details with your insurance broker or adviser as to whether these types of insurance are appropriate for you. Deductibles, exclusions and limits apply. These insurances are issued by various insurers and can differ.