The National Cyber Security Centre has produced guidance for SMEs on how to prepare a response and plan recovery after a cyber-attack. In this article, we look at how to prepare for cyber incidents.
1. Prepare for the most common threats by developing plans around those incidents or cyber-attacks most likely to occur.
2. Identify what electronic information is essential to keep your business running, such as databases, emails, calendars and essential documents. Find out where it is stored, ensure you have daily or weekly backups, and regularly test that the backups are working and can be restored.
3. Identify what business processes and systems are critical and record where they are stored and how they are accessed. Assign shared responsibility to ensure cover and ensure key documents are available and up to date.
4. Think about how you could minimise reputational damage in the event of an incident. Make a list of the key partners (customers, suppliers, third parties, etc.) you would need to contact for each different type of incident.
5. Prioritise the risks, identify where you need the most protection, and manage it. Consider what would happen if you no longer had access to the critical systems or assets you identified above. List what is important to your business, why it is important, and what you are doing to protect it.
6. Make sure the risk of cyber security threats is high on the agenda.
7. Consider cyber insurance to provide you with additional resources during and after an incident. Not all cyber insurance is the same and, as ever, the devil is in the detail: check the scope and scale of cover provided and whether you are able to meet any operational requirements the insurer places on you.
If you have cyber insurance, document your insurer's details, including the policy number and any specific information your provider asks for. Understand any legal or regulatory compliance you must adhere to, and implement any guidelines, policies or rules they set out for you. Also check whether your trade association has any help or advice lines you can contact in this situation.
8. Make an incident plan and store it in a safe place.
9. Ensure you know how to restore a backup in the event of any type of data loss, such as a ransomware attack, and train the relevant people in your organisation so they can do the same. Assign roles to members of staff, and document who owns each responsibility in the event of an incident and how they can be contacted.
10. Create a list of the external people you would need to contact to help you identify an incident, for example your web hosting provider, IT support services or cloud service provider. Document the details of each contract, including what is covered, how they can help you, and at what point you need to engage them. Being prepared and keeping these details up to date will save you time after an incident.
And finally, remember to test your plan and your company’s resilience and preparedness.
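Items 2 and 9 above both come down to the same check: can the backup actually be restored, and is what comes back the same as what went in? The script below is an added example (it is not part of the NCSC guidance or of QASSS's tooling) of the minimum a restore drill should do: record a SHA-256 manifest of the essential files at backup time, restore into a scratch location, and compare the restored tree against the manifest so that missing or silently corrupted files are reported rather than discovered during a real incident. The file names and contents are constructed sample data, and the copy operations stand in for whatever backup product you actually use.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed sample data standing in for "essential information" (hypothetical file set).
SAMPLE_FILES = {
    "db/customers.sqlite": b"id,name\n1,Acme\n2,Bolt\n",
    "mail/2024-archive.mbox": b"From: ops@example.invalid\nSubject: hello\n",
    "docs/contract-template.txt": b"This agreement ...\n",
}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large backups do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_restore(restored: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare a restored tree against the manifest recorded at backup time.

    Returns the problems found: files missing from the restore, files whose
    contents differ from the backup, and files present that the backup never had.
    An empty result in all three lists is a passing drill.
    """
    actual = build_manifest(restored)
    return {
        "missing": sorted(k for k in manifest if k not in actual),
        "corrupted": sorted(k for k in manifest if k in actual and actual[k] != manifest[k]),
        "unexpected": sorted(k for k in actual if k not in manifest),
    }


def write_sample(root: Path) -> None:
    """Lay the constructed sample files out on disk."""
    for rel, data in SAMPLE_FILES.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def run_restore_drill() -> tuple[dict, dict]:
    """Back up, restore and verify; then damage the restore and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        backup = Path(tmp) / "backup"
        restore = Path(tmp) / "restore"
        write_sample(live)
        manifest = build_manifest(live)          # taken at backup time, stored separately
        shutil.copytree(live, backup)            # stand-in for the real backup job
        shutil.copytree(backup, restore)         # stand-in for the documented restore steps
        clean = verify_restore(restore, manifest)

        # Simulate a bad restore: one file corrupted, one file missing.
        (restore / "db/customers.sqlite").write_bytes(b"garbage")
        (restore / "mail/2024-archive.mbox").unlink()
        damaged = verify_restore(restore, manifest)
        return clean, damaged


if __name__ == "__main__":
    ok, bad = run_restore_drill()
    print("clean restore:", ok)
    print("damaged restore:", bad)
```

Keep the manifest somewhere other than the backup medium itself; if ransomware or a failed drive takes out the backup, the manifest is what tells you which restored files can still be trusted.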
If you’d like advice on making your company cyber resilient and planning for a cyber-attack, QASSS offers bespoke IT solutions for the home improvement and renewable sectors.