Don't Panic - A Step-by-Step Guide to Responding to Security Incidents

No business is immune to cybersecurity threats these days. Despite best preventative efforts, security incidents like data breaches, malware infections, or cyber-attacks can still occur. When they do, it's crucial to act quickly and follow a defined incident response plan. Here's what to do if your business experiences a security incident: 

Preventative Steps  

Before an incident ever occurs, implement these preventative cybersecurity measures from the FCC: 

1. Train employees in security principles 

1. Protect information, computers, and networks from cyberattacks 

1. Provide firewall security for your internet connection 

1. Create a mobile device action plan to control devices connected to the business 

1. Make backup copies of important data 

1. Control physical access and create employee user accounts 

1. Secure your Wi-Fi network 

1. Limit employee data/software access 

1. Require unique passwords and multi-factor authentication 
   

Despite preventative steps, if a security incident occurs, follow this response plan: 

Internal Response 

1. Secure Operations 
   

• Quickly secure systems and physical areas potentially related to the breach 

• Take all affected equipment offline immediately to stop additional data loss 
  

1. Investigate 
   

• Interview those who discovered the breach and anyone else with knowledge 

• Examine who had access to what information to identify vulnerabilities 
  

External Response 

1. Notify Appropriate Parties 
   

• Alert law enforcement to any criminal activity 

• Inform other affected businesses who may be impacted 

• Prepare to notify affected individuals as required by law 
  

1. Assemble an Incident Response Team 
   

• For major incidents, bring in cyber experts to thoroughly investigate 

• Consult an attorney with data breach response expertise 
  

1. Initiate Recovery Plan 
   

• Fix identified vulnerabilities that allowed the incident to occur 

•  Follow data breach notification requirements 

• Consider offering identity theft protection services to victims 
  

The key is having an incident response plan defined and ready before any security incident occurs. By taking swift and comprehensive action, you can minimize the damage and get your business back to secure operations as quickly as possible.