A plan to help your small business respond to cyber attacks

In today’s digital world, businesses are facing more cyber threats than ever. From ransomware RansomwareRansomware is a type of malware that restricts access to your computer or your files and displays a message that demands payment for the restriction to be removed. The two most common means of infection appear to be phishing emails that contain malicious attachments and website pop-up advertisements. to data breaches, if there’s money to be gained, no business is too small to become a target. Unfortunately, not all small businesses have the resources or guidance to respond effectively to a cyber attack Cyber attackThe use of electronic means to interrupt, manipulate, destroy, or gain unauthorized access to a computer system, network, or device. . In fact, 44% of Canadian organizations say they’d benefit from guidelines on how to handle a cyber incident^{Footnote 1}.

Having a solid incident response plan can mean the difference between a quick recovery and lasting damage to your business. Here’s how you can prepare:

Establish an incident response plan

An incident response plan is essential for any business. Even with strong security practices, cyber attacks can happen. Being prepared with a detailed plan can help you and your employees act quickly. Your incident response plan should include the following steps:

Detect

Start by assigning someone to be responsible for monitoring devices and data. This might be you or a dedicated IT employee. Identify who should be responsible for tracking security alerts. Create a clear process for employees to report security issues or unusual activity. Outline who you’ll need to notify in the event of an attack,including suppliers, investors and external security services that can help you respond. You should also have a communication plan ready to keep your customers informed if the attack impacts your operations.

Respond

If an attack happens, disconnect all devices from your network. Temporarily suspend employee access, especially if their accounts were targeted. Reach out to cyber security experts if needed to help identify the type of attack and how to combat it. Change any affected passwords and enable multi-factor authentication (MFA) on all accounts. You should contact your financial institution regarding the attack to notify them in case any financial information was compromised. Report the incident to the police, the Canadian Anti-Fraud Centre, and the Canadian Centre for Cyber Security.

Recover

Once the threat has been dealt with, you’ll need to restore your systems. Start by recovering your data from backups. Update all software, firewalls and firmware to prevent further breaches. You may need to patch PatchA small piece of software designed to update or fix problems with a computer program. This includes fixing bugs, reducing vulnerabilities, replacing graphics and improving the usability or performance. and update UpdateUpdates to software and devices add new features, fix bugs, and often contain new security features to protect against attacks. your devices if you run into vulnerabilities. Run anti-virus VirusA computer program that can spread by making copies of itself. Computer viruses spread from one computer to another, usually without the knowledge of the user.  Viruses can have harmful effects, ranging from displaying irritating messages to stealing data or giving other users control over the infected computer. and anti-malware MalwareMalicious software ("malware") designed to infiltrate or damage a computer system, without the owner's consent. Common forms of malware include computer viruses, worms, Trojans, spyware, and adware. It can: • Intimidate you with scareware, which is usually a pop-up message that tells you your computer has a security problem or other false information. • Reformat the hard drive of your computer causing you to lose all your information. • Alter or delete files. • Steal sensitive information. • Send emails on your behalf. • Take control of your computer and all the software running on it. software SoftwareA computer program that provides instructions which enable the computer hardware to work. System software, such as Windows, Linux or MacOS, operate the machine itself, and applications software, such as spreadsheet or word processing programs, provide specific functionality. across all your devices to check for lingering threats. Lastly, take time to analyze the incident and strengthen any weak points in your cyber security measures. This should help you better prepare for future events.

Test your incident response plan

Having an incident response plan is most effective if your whole team is familiar with it. You should test your plan regularly to make sure everyone knows their role and to test for any areas that should be made stronger. Here are four different ways to test your plan:

• Use a checklist: Read through each step in your incident response plan and address all assets and systems that need to be considered if a cyber attack occurs
• Do a walkthrough: Break down each component in your incident response plan to identify areas where security could be strengthened
• Perform a simulation: Conduct a mock cyber attack to give your team practice and pinpoint any areas for improvement
• Set up system tests: Test backup systems by disconnecting your main systems temporarily to ensure business can continue if your systems are compromised

Conclusion

Cyber attacks can have serious impacts, especially on small businesses. Having an incident response plan in place and testing it regularly can help minimize the damage to your organization. By creating clear steps to detect, respond and recover, you and your employees will be able to react more effectively to cyber attacks. Make cyber security a priority and give your business the tools to stay secure.