10 Steps to Recovering from a Cyber Incident

They say prevention is better than cure. And it’s true. But no matter how careful a small business is, it will never be able to completely avoid risks. This is especially true when it comes to keeping data safe. Data loss via hacking or employee error is one of the biggest risks a small business faces, and it’s also one of the most expensive to recover from.

Many small businesses don’t think they will experience a cyber incident. But as more and more data is stored digitally, and as cybercriminals increasingly target SMB organizations, the chance of it happening is higher now than it’s ever been. In fact, 85% of cyber-attacks are on small businesses, and with the average recovery cost coming in at $120,000, it pays to be prepared.

Unprepared small businesses are far less likely to be able to recover from a data breach. So what steps should they take to recover from a cyber incident? It all begins with planning.

1. Create a step-by-step plan

All small businesses should take risk planning seriously, yet 75% have no disaster recovery plan in place. When developing risk recovery and business continuity plans, SMBs storing or sending any amount of data should include a detailed step-by-step plan of what action needs to be taken following an incident. 

2. Contact your insurer

A staggering 91% of small business owners don’t have cyber liability insurance. Yet by having this policy in place, most – if not all – of the major headaches caused by a breach will be taken care of. 

Coverage can include:

  • The cost of investigating the breach
  • The cost of informing customers
  • Legal fees and compensation costs if you’re sued for losing someone’s data
  • Defense costs if you face legal action by local or federal authorities
  • Payment of regulatory penalties or fines
  • The costs of restoring data, systems and your website
  • Income lost and extra expenses if a cyber-attack stops you doing business
  • Credit monitoring for victims of identity theft
  • The cost of restoring your reputation and managing customer relationships

Knowing someone has got your back frees up time to focus on what is most important – getting your business back on track as soon as possible.

3. Find out the what, why, and how as soon as possible

Time is of the essence when it comes to investigating how a breach occurred. The most common reasons are:

  • Device loss and theft
  • Weak passwords
  • Human error (clicking suspicious links, for example)
  • Outdated IT systems and software
  • Malware and other malicious software/viruses
  • Using unsecured networks (such as public Wi-Fi)

It can be extremely difficult to identify what went wrong, which is why, if you don’t have an in-house IT security expert, it’s time to bring in someone to help as soon as possible.

4. Contact an IT firm

Even if you’ve been able to find the cause, there may be other vulnerabilities that have been overlooked. By getting an IT firm involved, not only will they be able to confirm how it happened, they can also offer advice and put measures in place to prevent the issue from getting any worse. And they can help get systems up and running again.

5. Restore systems and data

If you haven’t been able to get back to normal without the support of an IT firm, it’s time to recover assets lost in the incident. As well as getting systems back online, this means attempting to restore any lost data. As this step might result in having to completely wipe data from the network or devices, it is crucial to always keep a backup in order to limit the impact of data loss.

6. Assess whether it’s possible to do business

Even once the incident has been identified, investigated, and systems are back up and running, you may not be able to get back to business as usual straight away. 

Depending on the severity of the breach, systems or websites may need to remain offline. Or it could be that software used in the day-to-day running of the business may not be available. If the breach was a result of criminal activity, such as theft of a device, malicious action by an employee, or a hack, law enforcement will need to be contacted.

7. Contact the police

Cybercrimes need to be reported to local law enforcement, much as you would report any crime against your business. Yet many small businesses are unaware they should contact the police, with just 15% completing this important step in the recovery process. 

Organizations may be concerned about the repercussions of involving law enforcement, but if customer data is involved, showing that your business is dedicated to tracking down the perpetrators can prevent a PR crisis further down the line.

8. Hire a PR or crisis management communication firm 

Some big brands don’t fully recover from data breaches, in part due to the reputational damage caused by managing a crisis ineffectively. A timely, well-crafted, and transparent response shows the business acknowledges the incident, that steps are being taken to find a resolution, and that lines of communication are open so anyone affected can get in touch. 

9. Keep your customers and regulators in the loop

With an expert in reputation management on board, you’ll be better equipped to get the word out in a way that minimizes the impact on your business and keeps control of the narrative.

This might mean taking on more staff to provide support to concerned customers, as well as offering credit monitoring for free to those affected if financial information was compromised.

10. Learn from past mistakes

The final step is to review how effectively the risk recovery plan was deployed, and learn from it.

This means identifying what could have been done to prevent the incident in the first place and updating your risk plan to reduce the chance of future occurrences.

It’s also a good time to look at updating policies around data security, including staff training, ensuring all systems and software are kept up to date, and conducting regular stress tests to spot any vulnerabilities in IT security before they can be exploited.

Authored by:

Maureen Brogie is a Senior Advisor at InsuranceBee, a provider of small business insurance. Maureen holds a BS in Finance and is a licensed Property & Casualty agent in 40 states. Following a career break to raise her twin daughters, Maureen joined InsuranceBee in 2011 and now heads up a busy team of Client Advisors.