How to prepare for and deal with cyber attacks

The government’s Cyber Security Breaches Survey has shone further light on how UK organisations are being targeted, with specific detail that should offer pause for thought for micro/small businesses.

According to the Government’s data, 42% of micro/small businesses were the victim of at least one attack in 2018, with 17% noting that it took them at least one working day to recover from the breach they suffered. It also suggested that small companies are less likely than their medium/large counterparts to:

  • Seek out information on cyber security
  • Have cyber security policies in place
  • Have undertaken cyber security training

In some ways, this shouldn’t come as a surprise; micro/small businesses will always lack the resources of their larger counterparts, meaning important components such as training, awareness and strategic planning to cope with an attack aren’t carried out.

The quickest solution to protecting your business from cyber threats is to purchase cyber insurance cover, but beyond that, what can small businesses do in the event of an attack to minimise the damage?

Knowledge is power

The first step is to figure out what happened; how the breach occurred, what damage has been done and taking steps to make sure it doesn’t reoccur. This is when having IT support comes into play if you’re a larger company, but even if you aren’t, having experts on retainer is vital for moments such as these; they can analyse your systems, isolate the threat and help you to understand the nature of the attack.

Formulate your legal response

GDPR has provided the general public heightened awareness of how their data is handled, meaning that you must prepare for any customer fallout as the result of a breach. First off, inform the ICO (Information Commissioner’s Office); this is compulsory in the event of an attack.

Plan an agreed strategy for dealing with your clients and your public comments, even if this amounts to a small statement on your social media channels. Having a lawyer in place is a godsend in these situations; they will provide valuable assistance and guidance to make sure that you respond to a breach in the correct fashion.

Prepare your public response

It’s vital to keep in mind that your online reputation could take a massive hit if you don’t handle attacks in the right manner; clients are often very quick to air their grievances on social media, so being prepared is essential. A good PR officer will pay for themselves in this instance, so prepare your communications to your clients to inform them of the breach. Trust is a key element here, so be clear, honest and understanding. Talking about how you coped with the breach will stand you in good stead, as it shows that you’re working in their best interests.

Have a Cyber Insurance policy in place

Ultimately, having appropriate cover for your business in the event of an attack should form a key part of your security strategy. Carrying out the above suggestions will help to an extent, but given the financial repercussions of a breach aren’t determined by the size of your company, a cyber insurance policy could mean the difference between recovering from an attack or your business having to cease operations.

Talk to us about your business, what the potential data risks and vulnerabilities are and let us tailor insurance cover that will work in your best interests.