Does Your Business Have A Breach Response Plan?
In the UK, the world economic forum reported that 2 in 5 small businesses have been subjected to cybercrime within the last 12 months, costing on average of £3000 per business per crime not to mention the operational costs and reputational costs. How are you protecting your business, and have you put procedures in place if a hacker does outsmart you?
You should think not if I get a cyber attack, but when I get a cyber attack, what recovery plans do I have in place.
Half of breaches occur due to lack of patches being updated, who is responsible for that. There also has to be a Cyber security awareness culture in your company and your employees shouldn’t be frightened if they did click on something in error, they should report it as soon as possible. Your response should be fast enough not only to protect yourself but also your clients. There should be a plan in place in the event if something like this happens, who is responsible for doing what and when and how. There should be policies in place that if need be, followed out to the letter.
If a breach occurs and your system has been compromised, who do you tell? You need to report this to the Information Commissioners Office within 72 hours, your plan should have this in place to report this. The regulator also requires you to communicate this to your customers without any delay if the information leaked was sensitive or high risk, like names and addresses etc. If low risk you still need to report it to your customers, it might be a bit embarrassing – but it has to be done.
How well have you planned your communication? To the regulator’s office on the one hand and also to your customers. If your system is down, your email will probably be out of action, do you have an alternative email address to send from or are you going to communicate this by post or by telephone, this should be planned ahead and thought out in advance. You need to put your customers first, after any breach 65% of customers lose trust, so it is important to let them know asap and not them finding out from some other sources as they will discontinue the relationship with your business.
Communication is absolute key.
How do you stop a breach, there is no silver bullet as hackers are consistently finding new ways to attack and look for loopholes and vulnerabilities in the system? Make sure you have an up to date technology in place, firewalls endpoint security etc. Your people are the most important asset in your defences, staff training is important and creating a Cyber awareness culture within your business. Make sure you have policies and procedures in place, and they are followed.
If you would like a Cyber Security audit on your system and not sure where to start on going about putting protection in place for your business, call Control IT Solutions on 01738 310271