Recovering from a cybersecurity disaster

What are the next steps for a small business should the unthinkable breach occur?

It's no surprise that small businesses make attractive targets, because they have information that cybercriminals want, and they typically lack the security infrastructure of larger organizations.

There are also times when a small business may not be the direct target of a cyberattack, but ends up collateral damage when a larger client or service provider suffers an attack.

Whether your business survives an attack depends on preparation. But how prepared can you be when you don't have dedicated IT teams to keep security measures updated and to foil or at least mitigate attacks?

Necessary steps when an attack occurs

In the event of an infection or breach, you'll need to act quickly. Your response plan should include: 

  • Disclosure and apology to customers and clients. The situation becomes more serious if it exposes sensitive data, which may trigger legal liabilities for your small business.

  • Hiring an IT professional to investigate the attack. You'll need to determine how the hackers got in and what they took in order to calculate the cost of recovery. Exploits may be leaking for weeks or longer before they're discovered, and hackers may leave a 'back door' in your system or try the same exploit later to see whether it's been addressed. A security professional will attempt to confine the problem in order to prevent further harm.

  • Deployment of stronger security measures. You'll need to roll out additional software, hardware, and human resources to keep a close eye on the network and ensure that the problem has been solved. 

Call for backup

While your business may not have the resources for an internal IT team to monitor the network, there are ways to mitigate the damage of an attack.

If you have a fresh and easily accessed backup of all critical data -- including documents, spreadsheets, databases, financial files, human resources files, and accounts receivable/payable data -- you can restore corrupted files or directories quickly. According to the National Institute of Standards and Technology (NIST), businesses need to:

  • Plan automatic incremental or differential backups at least once a week, in which devices record only the information that has changed since the last backup. Small businesses may also need to schedule them daily or once an hour, depending on the needs of the business. (The SINO blog has plenty of great advice around backup strategies for small businesses.)

  • Consider how much information was changed or generated since the last backup and the impact to the company if that information was lost.

  • Check storage capacity. Businesses should be able to hold data for 52 weekly backups, so the capacity should be about 52 times the amount of data you want to store. Be careful to back up the data for every computer and mobile device.

  • For extra redundancy, store backups in multiple locations, such as one in the office, one 'air gapped' from the network, and one in the cloud. 

  • Test your ability to recover data and systems from backup. "Remember that incremental testing is just as important as incremental backups, to ensure you can read your data and use that information in the event of a security breach," NIST advises.

Free security assessment tools

Aside from data backups, the US Small Business Administration recommends using free cybersecurity assessment tools to determine how to prioritize security investments. These tools include:

  • FCC Planning Tool - The Federal Communications Commission offers a cybersecurity planning tool to help you build a strategy based on your unique business needs.

  • Cyber Resilience Review - The Department of Homeland Security's (DHS) Cyber Resilience Review (CRR) is a non-technical assessment to evaluate operational resilience and cybersecurity practices. You can conduct the assessment yourself or request a facilitated assessment by DHS cybersecurity professionals.

  • Cyber Hygiene Vulnerability Scanning - DHS also offers free vulnerability scanning for small businesses. This service can help identify any configuration errors and known vulnerabilities in your internet-connected systems, and it sends weekly reports based on the results. 

  • Supply Chain Risk Management - Use the Supply Chain Risk Management Toolkit to help shield your business information and communications technology from sophisticated supply chain attacks. Developed by the DHS Cybersecurity and Infrastructure Agency (CISA), this toolkit raises awareness and may help reduce the impact of supply chain threats.

When you're looking for an expert perspective that comes from serving thousands of small businesses, consider Dell Technologies and reach out to a Small Business Advisor, who will evaluate your needs and recommend the right mix of tools to improve your security posture.