Make cyber part of your risk planning
With more and more data being created and stored digitally, developing a risk recovery and business continuity plan that includes a detailed step-by-step plan of what action needs to be taken following an incident is crucial.
Many startups are completely reliant on technology to run their business. Think of the impact of not being able to access files, get online, or take payments through your website and use this as a starting point to plan for every scenario involving digitized data.
Being able to refer to this document when you need it will ensure processes are followed in the correct order and that nothing important is overlooked.
Tell your insurer
With cybercrime on the rise, many insurers have started offering cyber policies to small businesses.
However, 91 per cent of small business owners don’t have cyber liability insurance, perhaps because of a lack of awareness about what the coverage offers.
A cyber liability policy can take care of most, if not all, of the expense that comes with managing the aftermath of a breach.
Not only are costs covered, some insurers will source the experts your business needs to get back on track, leaving you with more time to focus on running your startup.
Find out what happened as soon as possible
When it comes to investigating how a breach occurred, time is of the essence.
Startups are far less likely to have an in-house IT security expert who can investigate what went wrong. If that’s the case, it’s time to bring someone in to help as soon as possible.
Bring in an IT expert
It can be difficult to pinpoint the exact reason a breach occurred. Not to mention the fact that vulnerabilities could have been overlooked even after the incident. An IT expert can assess the situation, provide guidance on how to remedy the issue, and offer support to get systems back up and running.
Getting back online
After an attack, it might be necessary to wipe data from the network or devices, or revert to a previous version, which is why it is so important to always keep a backup in order to limit the impact of data loss. Bear in mind that even once data and systems have been restored, there may be delays caused by reconfiguration of key settings, including resetting passwords and updating user access levels.
Determine whether it’s possible to do business
If you haven’t been able to get systems back online or retrieve data, you may not be able to get back to business as usual straight away. Even if the recovery process went smoothly, if the breach is severe, it may be a while before systems, websites, or software are fully operational.
Contact local law enforcement
Like any other crime against your business, cyberattacks need to be reported to local law enforcement. Yet many small businesses are unaware they should contact the police, with the majority leaving out this important step in the recovery process.
After data has been compromised, your customers will want to know you are taking the breach seriously. Although opening an investigation may slow down recovery efforts in the long term, demonstrating your startup is dedicated to taking action against the perpetrators can prevent the headaches a PR crisis can cause further down the line.
Hire a PR firm specializing in crisis management communication
How you handle announcing a cyber incident can make or break your startup’s reputation. While a big brand may have the client base to take a knock to their customer perception, startups don’t. This is why getting the messaging right following a crisis is so crucial.
Working with a PR agency that can distribute a response helps open up lines of communication by letting customers know your business is taking the breach seriously, and is taking the necessary steps to resolve the issue.
Make sure customers and regulators are updated
Once the word is out, your business will need to outline exactly what’s being done to put customers’ minds at ease. This may include things like hiring additional staff to offer support and advice to concerned customers, or offering credit monitoring for free to those affected.
If your startup has to adhere to regulations, it’s likely you’ll need to inform relevant bodies about the breach. There may be fines to pay, especially if the incident occurred due to non-compliance.
Review and update recovery plans
Once you’ve successfully deployed all steps in the recovery plan and things are getting back on track, it’s important to review how effectively the incident was managed, what could have gone better, and what needs to be done to prevent future occurrences.
Reviewing the plan can present an opportunity to update policies around data security, provide staff training on cybersecurity, audit systems and software to make sure they are up to date, and schedule time to perform stress tests to spot any vulnerabilities in IT security.
You may be interested
Kwara, Anambra others fail to access over N66.8b UBE fundadmin - July 5, 2020
Advertisement Anambra, Enugu, Kwara and Plateau states topped the list of states that failed to access over N66.8 billion from…
Why NSITF Managing Director, three Executive directors, others were suspended over infractionsadmin - July 5, 2020
More facts on the infractions and high-level disregard to accountability and extant rules allegedly committed by the top management of…
Equities investors lose N257.1bn as market decline by 1.98%admin - July 5, 2020
Equities market shed 1.98 per cent of its value last week, owing to profit-taking amidst weak oil price as well…