In Part 1 of this blog series we introduced two important proactive steps you asa small business leader should take to protect your data and mitigate thechance of a cyber threat—assess your vulnerabilities by regularly running scans and auditing the access and permissions levels of new, current and former employees.
In Part 2, we explore reactive strategies—what to do if a cyber incident occurs—and where a proactive and reactive approach intersect.
Where Proactive and Reactive Intersect
Our goal at Trava is to help small and medium-sized businesses reduce the risk of cyber threats with our comprehensive cyber risk management solution. But what if an incident or a breach happens anyway? Unfortunately, no system is ever 100% secure. If you take a few proactive steps to prepare for a cyber incident, then when you do need to react you will likely have a swifter and more successful recovery.
Prepare a disaster recovery plan that includes:
§ Members of the disaster recovery team that will execute if and when necessary
§ Various scenarios—phishing, ransomware—and protocols for each
§ Communications templates—emails, press statements, social media posts—that you can easily modify according to the situation and deploy quickly. This will keep key stakeholders informed and you can focus on recovery instead of crafting messages.
Backup your data whether by copying files onto removable hard drives or in the cloud through which data is kept in offsite servers.If you experience a cyber incident and your data is compromised, erased, or held hostage, you can recover it.
Carry cyber insurance, review your policy, and be clear on what losses are covered. Is it comprehensive and sufficient? As with a disaster recovery plan, you don’t want to be caught off guard or unsure about what financial assets are protected if a cyber incident threatens your business. This is an important proactive measure that you can take to allow for minimal impact to your business operations and financial assets should you have to react to a threat.
If an incident occurs, your primary focus is on short-term survivability, recovering your digital and financial assets, and getting your business back up and running. If you have taken the proactive approach detailed in Part 1 of this blog series, including preparing a disaster recovery plan and making sure that your cyber insurance policy is up to date with the coverages you need, then you will be well positioned to take immediate action to get back in business.
Other reaction action items include:
Deploy your disaster recovery team to
§ Access your data backup files.
§ Investigate the flaws in your systems configuration or code.
§ Run all of your vulnerability assessment scans and take immediate mitigation actions.
Communicate to your key stakeholders according to the messaging templates you prepared in your disaster recovery plan.
File a claim with your cyber insurance provider.
Depending on the level of the breach and what data was accessed or compromised, there are a multitude of state and local agencies that must be notified. Refer to the Federal Trade Commission’s Data Breach Response: A Guide for Business for complete details.
You don’t have to do this alone. Get expert guidance from a strategic cyber risk management partner like Trava or your MSP/MSSP that can help you take a proactive approach to a comprehensive cybersecurity program and set strategies to mitigate the damages if you have to react to a cyber incident.
Download our infographic for an easy reference to the top 10 things you can do to protect your data.