How to Respond to a Cyber Incident in Five Steps


It’s Friday evening and you’re just about to leave the office to head home for a long three-day weekend. Just as you are about to walk out the front door, you receive a notification on your phone: your email has been hacked and sensitive data has been stolen from your business. What do you do?

No business can afford to do nothing, and a small business is even more exposed: failing to address the issue immediately will hurt your company, whether in terms of your bottom line, your reputation, or both.

That’s why it’s important not only to have cyber insurance and cybersecurity measures in place, but also to have a cyber incident response plan to fall back on should such an incident arise.

According to the National Institute of Standards and Technology (NIST), a cyber incident response has five functions:

  • Identify
    To address a problem, you have to know not just that you have one, but exactly what it is: admitting there is a problem is not enough; you must pin down precisely what the issue is.

    So, for instance, when a cyber incident lands on your desk at closing time after a long week, with every employee wanting to go home, your spouse calling about the kids, and the dog having just kicked the bucket, you need a quick and ready way to identify what and where the specific point of breach is. This not only helps you respond quickly and appropriately, but also directs and guides your efforts to combat the bad actors who have infiltrated your system.

    To be sure, there are numerous security risks to be aware of: threats to your technology systems, threats to your data, and threats to your operations. Knowing where your weakest link is not only lets you shore it up in advance, but also tells you where to look first when a cyber incident occurs.

    To identify risks, review your system logs, examine files that are exposed or vulnerable, and track suspicious employee activity.
  • Protect
    Your company’s business is not only to provide the products and services you offer, but also to protect those products and services and all the client and customer data that comes with them. You can no longer simply deliver a product or service and walk away; you are interconnected with your clients and their data in a way that has never been the case before. And, as Peter Parker learned from Uncle Ben, with great power comes great responsibility.

    Not only must you protect your clients’ data, you must also protect your company’s data and, with that, its reputation.

    Some ways to protect your company and your clients’ data are to maintain backups, implement firewalls and other security controls, and train employees on cybersecurity best practices.

    Safeguards are key to protecting your company and your clients, but when they are breached you must act quickly to remediate the problem.
  • Detect
    You can respond to a breach by quickly detecting irregularities, such as unusual network activity or someone trying to access sensitive data. One way to do this is to deploy an intrusion detection system (IDS). An IDS can effectively assist you in locating and rooting out irregularities in your systems or data. Detecting irregularities early is essential to limiting the damage of a cyber incident and getting your systems back up and running smoothly and quickly.
  • Respond
    To respond well to a cyber incident, you need to be proactive: you need a plan. With a plan in place beforehand, you will be prepared, knowing what to do and how to do it, and you will reduce the high levels of anxiety and stress that can accompany a data breach. Your plan should include strategies for containing the breach, investigating it, and resolving it, as well as how and when you will inform those impacted, such as employees or clients. Two important strategies for responding to a breach are to isolate the affected systems and to cut off access to every impacted system.
  • Recover
    In addition to your plan to respond, you will need a plan to recover: not only the data that was lost or stolen, but also normal business operations, resumed as soon as possible to minimize disruption to your workflow. Your recovery plan will need to include at least the following: restoring affected systems, implementing security controls to prevent future incidents, investigating the root cause(s) of the incident, taking legal action against the perpetrators, and disclosing the nature of the incident to help others avoid it.
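As an added example (not part of the original article or the provider's own tooling), the following Python script shows the kind of log review the Identify and Detect steps above describe: it scans constructed file-access and network-flow log lines for two irregularities the article names, repeated denied attempts on sensitive data and unusual outbound traffic volume. The log format, sensitive path prefixes, thresholds, users and hosts are all assumed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines (not from the article): file-access and
# network-flow events in an assumed "timestamp key=value ..." format.
SAMPLE_LOG = """\
2024-03-15T17:02:11 type=file user=jdoe path=/finance/payroll.xlsx result=denied
2024-03-15T17:02:14 type=file user=jdoe path=/finance/payroll.xlsx result=denied
2024-03-15T17:02:20 type=file user=jdoe path=/hr/ssn_list.csv result=denied
2024-03-15T17:03:05 type=file user=asmith path=/public/handbook.pdf result=allowed
2024-03-15T17:10:40 type=net src=10.0.0.5 dst=203.0.113.9 bytes_out=120000000
2024-03-15T17:11:02 type=net src=10.0.0.7 dst=198.51.100.4 bytes_out=4096
"""

SENSITIVE_PREFIXES = ("/finance/", "/hr/")   # assumed data classification
DENIED_THRESHOLD = 3                          # repeated denials by one user
EXFIL_BYTES_THRESHOLD = 50_000_000            # outbound bytes per source host

KV_RE = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Parse one 'timestamp key=value ...' line into a dict (timestamp under 'ts')."""
    ts, _, rest = line.partition(" ")
    event = dict(KV_RE.findall(rest))
    event["ts"] = ts
    return event

def detect_irregularities(log_text):
    """Return (rule, subject, detail) alerts for repeated denied access to
    sensitive paths and for unusually large outbound volume per host."""
    denied = Counter()            # user -> denied attempts on sensitive paths
    bytes_out = defaultdict(int)  # source host -> total outbound bytes
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev.get("type") == "file" and ev.get("result") == "denied" \
                and ev.get("path", "").startswith(SENSITIVE_PREFIXES):
            denied[ev["user"]] += 1
        elif ev.get("type") == "net":
            bytes_out[ev["src"]] += int(ev.get("bytes_out", 0))
    alerts = []
    for user, n in denied.items():
        if n >= DENIED_THRESHOLD:
            alerts.append(("sensitive_access_denied", user, n))
    for src, total in bytes_out.items():
        if total > EXFIL_BYTES_THRESHOLD:
            alerts.append(("unusual_outbound_volume", src, total))
    return alerts
```

Running `detect_irregularities(SAMPLE_LOG)` flags the user with three denied attempts on sensitive files and the host that sent far more data out than its peers; real deployments would tune the thresholds to the organisation's normal activity.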

With a well-crafted incident response plan in place, you will be able to better resolve a breach, minimize the damage caused, and restore normal business operations as quickly and effectively as possible. Additionally, it is critical that employees are aware of the incident response plan and know their roles and responsibilities in the event of a breach. Such a plan should also be regularly reviewed and updated to ensure its relevance and effectiveness, since cyber incidents can occur any time.

Collaborate with an IT Service Provider to improve your defenses

An IT Service Provider like Total Secure Technology might be exactly what your business needs to develop an incident response plan. With our expertise and experience, we can help you protect your business, develop a comprehensive incident response plan, and abide by NIST’s five functions of incident response best practices.

These are just a few of the ways we can help you with your incident response journey. If you’re looking for help protecting your business against cyber incidents, be sure to contact us to schedule a no-obligation consultation.