Many small businesses have a problem they may not even be aware of: they don’t have an incident response (IR) plan in place. This is a problem they should fix, especially with the Covid emergency multiplying the already plentiful malware and social engineering attacks that appear each day. Small businesses often have limited funds and personnel for IT security, and incident response may end up near the bottom of their priority lists. However, not having the ability to react quickly and correctly when an incident strikes can end up costing far more that setting up a basic IR plan and program. Plus, putting together such plan need not be difficult at all. Below are some simple steps small businesses can take to set up their own IR plan.
- Identify likely security incidents that could impact your business. This information can easily be found on the Internet. Write this down.
- Decide how the business should react to each one of these incident types and write this down. This advice is also readily available online. Write this down.
- Decide which personnel are going to be responsible for handling incidents (the incident response team). This usually includes IT and management personnel of various levels. Other personnel like legal advisors and security experts should also be identified. Once the team is chosen decide who is going to be in charge of response efforts. This is the person first contacted once an incident is detected. Write this down.
- Decide how and what you are going to communicate not only among the team, but with employees, customers who have been affected, regulators, law enforcement personnel, news media, third party security service providers, etc. Also decide who is going to do these communications. Make sure phone lists are included in this document. Write this down.
- Take all the information from above that you have written down and consolidate it into one plan.
- Train your personnel what their responsibilities are and who they should contact if they detect an incident. This includes both the team and employees.
- Finally practice the plan and make adjustments and improvements as needed. A good way to practice incident response is by performing table top exercises that are as realistic as possible.
The above is a very simplified version of an incident response program, but it is really all you need to get started. Having such a plan in place is a kind of insurance that could pay real dividends if a data breach or other serious incident occurs.