So you started you small business and your have proper cyber security and while that is good, you should develop a formal plan of action in the event of a hack. If a hack were to ever take place, you are going to have a lot to deal with and answer for. A step by step instruction manual for you and your employees will save a lot of time. So this is your instruction guide on how to build one.
Step 1- Determine how to contact parties affected by a hack
For example if you own a retail business and someone hacks credit card information of customers. Have a plan for who contacts who and how it should be done. Is first thing you do is contact all the customers personally? Do you send mass emails? Do you make phone calls, if possible to notify them immediately? Then who contacts the people who processes the credit card payments for you, to let them know of the hack? You may need to assign people to handle this responsibility beforehand. Have that decided before anything happens.
Step 2- Find out how to contact the authorities
You’re a small business and you don’t have an entire department dedicated to cyber security. You need to call the authorities that can help you. If you live in a massive city, the police may have a cyber team to help. In most cases you have to call the FBI local office. You can also call the U.S Secret Service and the Internet Crime Center. Have someone know how to get in touch with the authorities when hack occurs. You can’t waist time on this.
Step 3- Gather resources and determine who will be your forensics team
The FBI will conduct forensics for a criminal investigation and that will help. To get the full story from your side, you need a forensics team. You need them to see how the hacker gotten and stole what they did. They can also consult you on you cyber weaknesses and how to address them best. Determine who you will hire ahead of time, and have them ready in the event of a hack
Step 4- Talk to your cyber security provider
Being proactive and learning what you can from your provider is a big key. They can tell you what you need to do when a hack occurs to get their help. Know that ahead of time, so you can move fast to handle the problem.
Step 5- Make sure your Cyber Security Insurance will cover you
If you don’t have cyber security, you need to get it! Then make sure it covers all the potential threats your company faces. Figure out what they need you to do in the event of a hack.
Step 6- Have a Media plan
You may get covered in the media, whether it’s local or national. Determine a plan for handling that and don’t hide from it. Taking responsibility will and making sure people know you’re taking swift action, will help you save face.
Having a plan in how to deal with hacks and who would be responsible for what, can save you. It will allow you to move swiftly and address the matter. Next week we will build a step by step plan on what to do once you discovered a hack.