It’s no longer news that cyber risks are a significant challenge for individuals, businesses and governments. Small businesses are no exception – 43% of cyber crime is now targeted at small businesses. What’s even more devastating is that 60% of small businesses that suffer a cyber attack are likely to go out of business within 6 months.
There are many steps you can take before, during and after a cyber incident that can help contain and manage the damage, if not prevent it. As with any disaster or unfortunate incident, having preventative measures in place, as well as a response plan, can help lessen the impact of a cyber attack.
Data breach preparation and response, July, 2019
“Your actions in the first 24 hours after discovering a data breach are often critical to the success of your response...and you should create and test your plan before a data breach occurs.”
Below, we outline key insights around cyber safety, broken down into 3 easy steps for you:
- Identify and protect your assets – Identify the data, devices and systems that enable your organisation to achieve its business purposes.
- Manage cyber risk – Identify, assess and manage the cyber security risks to your organisation’s data, systems, people and supply chain.
- Know who has access – Manage physical access to facilities and logical access to systems and devices.
- Back up – Ensure you regularly back up important data and information to reduce the damage in case a breach occurs.
- Strong passwords – Ensure that you use ‘smarter passwords’ and, where possible, multi-factor authentication.
- Smarter Protection – Have clear policies and security measures relating to your systems, data protection and privacy in case a breach occurs. Ensure your business is aware of them.
- Acceptable use – Put in place a policy that stipulates the constraints and practices a user must agree to for access to your network and systems. Ensure that individuals are aware of and attest to having read and understood the policy.
- Awareness is action – Train your staff on the risks and importance of protecting sensitive information – especially personal information.
- Ongoing education – Provide regular awareness sessions to staff on how to identify irregular behaviour and how to be vigilant.
- Response – Ensure that you have plans in place to respond to an incident and test them regularly, if possible, with internal and external stakeholders (e.g. legal, PR, crisis management).
- Recovery – Ensure that processes are in place to minimise the downtime of systems and assets impacted by a cyber event and test them regularly.