If you’re wondering how to protect your small business against a cyber attack, you’re not alone. Almost 60% of cyber attack victims are small businesses, and within two years of the first attack, the likelihood that a small business will experience another is approximately 28%

In response, entrepreneurs everywhere are looking for a mitigation strategy that limits any potential damage while meeting their business needs. Even if you implement preventive security measures, such as keeping your website software up-to-date, perfect cybersecurity is never a guarantee, especially as hackers become more persistent and use more sophisticated methods.

In the event a cyber attack breaks through your defenses, you must have a plan in place to help not only reduce response time and unplanned costs, but also to protect your reputation. The best mitigation strategies for cyber attacks are systematic. Therefore, a cybersecurity incident response plan has become necessary for today’s small businesses.

Why You Need a Cybersecurity Incident Response Plan

A strategic plan outlines exactly who, what, when, where, why, and how your team will respond to an attack. In the process, it keeps the response coordinated. 

To understand why having a strategy for mitigating cyber attacks is so important, consider what could happen without one. For one thing, customers, partners, and investors are likely to lose trust in businesses that handle attacks poorly.

For instance, when hackers stole the data of 25 million Uber riders and drivers in 2016, the company didn’t disclose the breach (as is required by law). Instead, Uber paid the hackers a ransom, after which the hackers stole even more data. The bungled response cost the company almost $150 million in claim settlements — and much more in lost public trust. This was a setback for Uber, but a similar situation could cost a small business much more.

As a business owner, it’s your responsibility to take the lead on developing a cybersecurity incident response plan. Keep in mind, key company stakeholders should offer their input and understand their roles. You must also consider how cyber attacks could impact customers, suppliers, web developers, and other third parties and include them in the disclosure policies.

A Step-by-Step Guide to Mitigation

The primary objective of an incident response plan is to cover every base. Here’s a step-by-step guide to each stage of an attack response. 

Identification: Due to the stealthy nature of hackers, many cyber attacks aren’t immediately apparent. For instance, according to the “SiteLock 2019 Website Security Report,” 33% of files cleaned by our malware scanner were JavaScript files. JavaScript attacks are often symptomless, which is why they’ve become a new favorite weapon of cybercriminals. 

For this reason, your incident response plan should include the implementation of automated security tools to monitor and detect malicious activity. When the success of cyber attack remediation and mitigation is measured based on how quickly you can identify an attack, it’s better to rely on automation. 

Discovery: The next step is to discover the nature of the attack and how it affected the business. This means coordinating with your web developer or third-party security provider to assess the damage. It’s important to move quickly here to reduce dwell time, which can be costly. You can’t notify those affected by the attack until you fully understand the scope of the damage, and defining the scope of the threat is essential for knowing how to stop it.

Remediation and restoration: Removing all traces of the threat requires someone who can root out every anomaly within a system. If you don’t have this expertise available in-house, the cybersecurity incident response plan should detail who to contact. 

Find a security provider that offers comprehensive automated solutions to eliminate traces of cyber attacks as soon as possible. As this effort is ongoing, everyone on the team should be working to restore business as usual. Planning how this will work ensures that nothing is overlooked and that communication with stakeholders remains transparent.

Review: Once the dust has settled, review your current security posture to locate any vulnerabilities that could be exploited again. This includes communicating with your team and discussing what elements of the plan must be changed. Being thorough about this review means doing a systematic check (which should be outlined in the plan) and may involve bringing in an expert.

• Communication: During this phase, businesses should communicate the breach with their employees and implement security awareness training. This training is designed to educate your employees on the importance of using strong usernames and passwords, identifying spam emails, and being aware of suspicious activity that could prevent another security breach.

Implement: You need to patch any identified weak points with extra levels of cybersecurity. That may mean installing a stronger web application firewall, a better backup solution for website and business files, and an automated malware scanner. Implementing new security technologies usually involves additional investments, but in almost all cases, prevention is cheaper than another attack.

It’s hard to overstate how chaotic things can become after a successful cyber attack, especially in a small business, where human and monetary resources are limited. To cover your bases, have a comprehensive cybersecurity incident response plan and ensure key stakeholders know how to follow it.

Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 12 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security.