Responding to a cyberattack can be confusing, complicated, overwhelming, and often all-consuming. In the wake of an attack, many small businesses don’t know what to do first or how to avoid making the situation worse. Creating a well-thought-out plan in advance, however, can make incident response in cybersecurity both easier and more effective. In fact, every small business should have a cyber incident response plan in place to help mitigate damage in the wake of a cyberattack.

An incident response plan should outline how a business will detect an attack, what needs to happen to limit the consequences, and ultimately how to remove the threat. At each point, the plan should identify who’s responsible for which activity, which tools to use, and how to coordinate both internal and external communications.

In the best cases, these plans help answer all the urgent questions that arise during cybersecurity incident management. They transform a potentially chaotic situation into a carefully coordinated counterattack.

Who Needs a Cybersecurity Incident Response Plan?

Any business with data, revenue, or customers should have a plan. Even small businesses with minimal digital footprints have something to lose from being underprepared for a cyberattack.

Considering that 67% of small to midsize businesses reported experiencing an attack in 2018, website owners must accept they’re likely to become targets. Having a strong defense is important, and building a solid incident response plan is a crucial part of that defense.

Within an organization, give key stakeholders access to the incident response plan. That typically includes those responsible for cybersecurity as well as those involved with technical and operational decision-making. Pull in team members responsible for media relations and marketing when you need to send out external communications around an attack. 

Once all stakeholders are on board, the plan should be regularly reviewed, tested, and revised (as needed). Consider running drills to give your staff hands-on experience of how to deal with cyberattacks. Incident response in cybersecurity should also be incorporated into new employee training so all employees will be prepared to follow the steps in place at any time.

Preventive Measures for Cybersecurity Incidents

The period after an attack has launched but before it’s resolved is known as “dwell time.” When it comes to dwell time, every second counts because hackers may be stealing data or hijacking the website. To minimize lost revenue, protect customers, and ensure the least amount of reputation damage, acting quickly is essential.

For example, Marriott International overlooked a bug in its system for four years, giving hackers enough time to steal the sensitive data of 500 million individuals. It was a public relations disaster for the hospitality company. If Marriott leaders had discovered the bug earlier and followed an incident response plan, they might have found a solution faster — and prevented the damaging headlines that resulted.

Crafting a solid response plan in advance doesn’t just reduce dwell time, but it also forces companies to evaluate their current cyber defenses. As companies build their response plans, they can discover and address vulnerabilities. This process requires companies to take a critical look at their cyber strengths and weaknesses, motivating them to upgrade their approach by implementing important tools such as automated website malware scanners, which detect attacks as soon as they occur. 

Cybersecurity is never perfect and hackers are always advancing to find a new approach. Although it’s unrealistic to avoid attack attempts completely, having an incident response plan in place is a proactive step that any small business should take to help reduce the damages and overall impact of a successful attack.

Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 12 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security.