How small firms can create an effective cyber security response
Small business owners tend to be good at planning for success. But they should also plan for worst case scenarios – especially in terms of a cyber-attack or breach, writes CyberArk’s John Worrall.
As entrepreneurs battle with the daily challenges that come with growing and managing a micro business, they must not neglect developing plans for disaster recovery and continuity of operations.
As the cyber threat landscape has evolved, responding to an incident is no longer something to be outsourced and forgotten about. Every organisation, large or small, is targeted by adversaries, and some compromise is inevitable.
With data breaches or other incidents affecting more than just information or technology infrastructure, and impacting a company's ability to operate, small business owners must make sure they are prepared.
As noted in CyberArk’s recently released Global Advanced Threat Landscape Survey 2016, many businesses have adopted a “post-breach” mindset, meaning firms operate under the presumption of a breach and have developed post-breach response plans.
In the survey of 750 IT and IT security decision makers, 95 per cent of respondents reported their organisation has a cyber security emergency response plan. That reads quite well.
However, digging below the surface, we also learned that fewer than half of respondents reported that the plan has been communicated to and is regularly tested with IT staff, and 40 per cent stated that their organisation's plan has only been communicated to and regularly tested with senior IT staff.
So, if an incident does occur, do you have a strategy in place? Unlike larger enterprises that have dedicated teams to handle internal and external communications on the matter, micro-business owners may need to take more control.
There are several factors to consider. For example, how will you notify customers? And how will you handle employee communications if email and intranet services go down? At the very least, incident response planning should address the following:
Who is in charge?
A strong cyber security response plan requires clearly defined roles and responsibilities. Many organisations default this responsibility to the legal counsel, but crisis experts note that although lawyers should be available to advise, they are not the best choice to lead a response.
Effective incident response requires organisational and administrative abilities as well as technical knowledge – if not hands-on technical skills.
The choice of this leader can vary depending on the organisation and the personnel available, but it should be someone with an understanding not only of the IT systems but also how they support your organisation’s mission and business operations. In a larger organisation, the CIO or CISO would be the best place to start, but in smaller companies, business owners will likely need to be more hands-on.
The important thing to remember is that, post-breach, clear lines of communication are required for prompt and decisive actions. Determine this in advance.
A documented response plan will cover how your micro business will work with the primary response team for data recovery and continuity of operations. It will lay out responsibilities and help to ensure effective decision making in crisis mode.
Test, adapt and test again
A static "shelfware" plan will not address your incident response needs. This is particularly true as the threat landscape continues to evolve. It is critical to battle-test readiness through live drills to help prevent company paralysis when a data breach or other incident occurs.
Drills can help uncover deficiencies in planning and implementation, so that plans can be updated as needed.
Periodic testing and updating is necessary to keep your cyber incident response plan effective. Having a documented and evaluated incident response plan demonstrates to customers and regulators that your business is taking responsible steps to anticipate and mitigate the risk of threats.
By taking a proactive, layered approach to security, and ensuring security best practices are part of your organisation's DNA, you will put yourself in the strongest position to manage cyber-attacks.
John Worrall is chief marketing officer at CyberArk