What You Should Include in a Cyber Incident Response Plan
Data breaches or ransomware attacks are a scary reality for any small to medium enterprise. If you operate on the Internet (or store your information on the cloud), your whole company could be at risk of a cyber incident at all times.
Statistics estimate that the average company could be affected by an attack on its systems every 5 seconds. This figure might even be an underestimation of the true danger.
A cyber incident response plan protects your company, your employees and your customers in the event of an attack.
This is par for the course for us as we create them for each of our clients. We’ve done so many over the years – as well as their necessary companions the ‘disaster response plan’ and the ‘business continuity plan’ – that we’ve got it down to a quick but essential order of business. One that I thought I’d give you a few tips on today.
Here are 5 things to do in the event that your company is affected by a ransomware attack or data breach.
1. Escalate the Issue
Call us and we’ll help you. Or if you’re not ready to do that, make sure you do reach out to your IT support team rather than burying your head in the sand and hoping the issue resolves itself.
The first thing anyone in the company should do in the event of a ransomware attack or data breach is to escalate the issue to the correct department. Stop using linked, active systems immediately, and inform the appropriate company sector that you suspect there has been an attack or breach on the system.
This allows for quick damage control and immediate action in the event of an attack or breach.
2. Inform Everyone Connected
The second step is to inform everyone connected of the breach or attack. People who don’t know that there’s been an attack on the system can, through the lack of knowledge, put the system at an even greater risk.
- Any employee who is connected to the system should disconnect immediately.
- Advise employees to change their passwords with immediate effect.
- Impose a no-USB rule throughout the company in the event of a breach; this makes further cyber incidents less likely, and stops the current one from spreading even further.
- Advise employees to disconnect smartphones from any associated company files or accounts. This helps to stop potential ransomware from spreading.
3. Secure All Systems
Secure all systems, including servers, email servers and computer systems immediately. We have a number of tools we use to secure and clear systems of malicious actors or programs.
Do not submit to ransomware attacks. Advise employees to never agree with an attacker’s demands, but to focus on heightened device security both at home and work.
Company systems can be secured with a professional cybersecurity team, and this is strongly advised.
4. Find Professional Help
All companies, especially small ones, should have a third-party online security provider.
Discuss the cyber incident response plan with your security provider ahead of time – and make sure they know what to do in the event of an attack.
Larger companies are advised to allocate a cybersecurity department that is constantly assessing and negating the company’s risk.
5. Inform the Authorities
A company should always inform the authorities in the event of a data breach or attack. Law enforcement is far from powerless in finding and prosecuting ransomware attackers. Ways of getting in touch can be found here or you can call 0300 123 2040.
Perpetrating a cyberattack is still against the law, and reporting it can be part of a company’s response strategy. Law enforcement action can allow a faster, safer resolution.
If you have Cyber Security Insurance, contact your insurance agency and report your issue immediately.
If there is a data breach (i.e. data has possibly been stolen from your company), then talk to your solicitor and/or legal team and potentially make use of a PR company to help you explain publicly what has happened.
Look, it can be daunting.
If you aren’t 100% confident that you’d know what to do if you were suddenly locked out of your systems or otherwise victimised, then now’s the time to take action.
Better-IT are IASME-certified Cyber Essentials experts. We can assess your business, help you get certified, and keep you protected.
Give us a call if you’d like to talk about how we can help.