
Steps for Creating a Cyber Incident Response Plan

Over the past year, cyber attacks have been on the rise. Many small business owners believe cyber criminals will only attack large enterprises or bigger industrial companies, but they are sorely mistaken. With a study reporting that 76% of small businesses have been attacked in the past year, it’s more important now than ever to have a game plan for when the hackers come after you.

While cybersecurity often entails security defenses like firewalls and internet encryption, you’ll also need to be prepared with a cyber incident response plan to stop an attack in its tracks. To help you protect your livelihood and small business, follow these steps for creating a cyber incident response plan.

1. Prepare

Begin by preparing your business and team: put in place a strategy and protocols for when a cyber incident does happen. Outline who is responsible for tasks like locating the breach and triaging the threat. Additionally, identifying personnel to tackle different workflows will be essential. Someone should be selected as first in command, while others are delegated to handle customer service and legal. Outside vendors should also be vetted in advance in case the threat is more than your own team can handle.

2. Detect and Identify

When an incident does occur, it will be time to put your preparation to the test. Have your designated personnel begin identifying the problem with cyber incident response software. They should be documenting information and evidence along the way as they evaluate the type of threat, size, severity, and location.

3. Contain

Once the threat is identified, your team will need to contain it. Start by isolating any affected devices and closing them off from your network. If your network is affected, it’s wise to take devices offline and shut the network down. This will prevent the attack from progressing any further.

4. Eradicate

With any affected devices contained, you can then move on to eradicating the threat. Your strategy for eliminating the threat will differ depending on whether you’re dealing with malware or a social engineering attack. For example, if you’re dealing with malware, your team will need to disarm it before you can begin recovering your devices.

5. Restore

After appropriately dealing with the threat and eradicating it from your devices or network, it’s time to get your devices up and running again. Begin by restoring any affected devices with a clean backup. It’s also wise to go through and update any firewalls and patch systems. If you were dealing with a social engineering attack like phishing, make sure to create new credentials for any affected individuals.

6. Improve

The final step in your cyber incident response plan is to improve. After you’ve dealt with an attack, gather your team for a post-incident review (PIR) meeting and discuss what went well and what didn’t. Take what you learn in this meeting and use it to update your protocols and strategies for the next time a hacker comes knocking.

With a strong cyber incident response plan in place, you’ll be prepared to defend your business from cyber threats. A plan is just one part of the cybersecurity equation, so make sure to check out the following infographic from The Zebra to learn about how to better protect your small business online.

