Responding to a cyber incident starts with a plan

It’s not enough for organizations to defend themselves against a cyber security breach. According to a recent report from McKinsey, hackers who are committed to accessing a business’s data will inevitably find their way in. Intrusion and data-loss prevention mechanisms won’t be enough to protect organizations against the legal and operational vulnerabilities of a cybercrime.

Both enterprise organizations and small business owners need to develop response plans to unforeseen cyber incidents. The report describes these as organizational protocols, defined ahead of time, that “limit damage, increase the confidence of external stakeholders, and reduce recovery time and costs.”

According to three cyber security experts, the following cyber incident best practices will help ensure that business owners stay protected:

Protection against insider threats

Jimmy Vo, cyber security consultant at VioPoint, encourages small business owners to develop a cross-functional breach response plan.

Many small business owners focus on threats coming from the outside. They frequently overlook two threats that can arise internally — abuse of information and accidental lapses in security protocols. Business owners need to make sure that they’re protecting themselves from breaches that can happen due to their own employees.

The first way for businesses to stay protected is to limit access to information. Business owners should grant data privileges on a need-to-know basis, especially with respect to sensitive information.

Aaron Messing, an information privacy and data security attorney at Olender Feldman LLP, encourages small business owners to log events and back up their information. In the event of a breach, access to these records will be invaluable.

Employee education is another essential in the process of recovering from a breach.

“Determine whether employees are appropriately trained on safe emailing and Internet practices,” Messing explains.

Getting the entire company involved

A security breach is more than just an IT problem. All departments need to be prepared to manage communication with clients and work with the legal team to handle the repercussions.

“Make sure that all stakeholders approve and understand their role in the event of an incident,” says Jimmy Vo, security consultant at VioPoint.

As a consultant to many small businesses, Vo sees a lack of training across the organization as one of the most common mistakes.

“It’s most likely cheaper to grow a dedicated security person to spearhead security team development,” Vo explains.

Security certifications will typically cost a few thousand dollars. It’s important to make sure that multiple leaders within an organization are well prepared to respond to a breach.

“The exact steps of creating an incident response plan vary depending on the organization,” says Vo. “In addition to IT, there may be a need to interact with law enforcement and a legal team in the event of a breach.”

A well-educated team will help small businesses develop a cyber response plan that is thorough and custom tailored.


Cyber security is an ever-evolving landscape. Business owners need to make sure that they remain current on new risks and policies. Large organizations are constantly updating and implementing security features — this makes smaller companies an easier target for cyber criminals.

“It is good practice to keep employees updated on company security policies so that everyone is on the same page,” says Julian Dutton, marketing manager at CardFellow, an online marketplace where credit card processing companies compete for business.

Business owners need to be proactive in predicting and preventing new attacks before they happen.

“Precautions to take include encrypting information such as passwords, general fraud protection and proper data storage,” says Dutton.

Dutton also recommends that small business owners review the privacy and compliance policies of their Web hosting and payroll processors.

“A business should create a plan with layers, and sensitive information should never be protected using a single password,” says Dutton. “The business should take additional security steps such as assigning a personal identification number to each individual who has access to the data.”

Once a plan is in place, it is a good idea to simulate a breach. This practice will empower an organization to run smoothly in the event of an actual cyber incident.

Ritika Puri
Ritika Puri is a San Francisco-based blogger who covers the intersection of data, sociology, and technology. She transforms marketing strategies into revenue-generating growth engines.