Cybersecurity: Incident Response and Training

Incident Management infographic

One of the most valuable lessons we’ve collectively learned over the past year and a half is that you can never be prepared for every possibility. Still, as a small business owner, it’s essential to plan ahead and consider how you’ll handle unexpected obstacles – it can make the difference between long-term success and sudden failure.

One of those possible, and indeed probable, issues is a cyberattack, and its likelihood increases daily. Whether through phishing, malware, ransomware, or an advanced persistent threat (APT), there’s a strong chance that your business will experience a cyber event at some point in the future. The difference between minor downtime and disaster, however, could be your cybersecurity incident response plan.

An incident response plan details the protocols you have formally implemented for handling cyber incidents of all types. In today’s world, a cyberattack incident response plan is essential. Small businesses are enormous targets for threat actors yet often don’t have the resources to defend against and respond to attacks in a timely manner. The plan should include responses to any malicious or non-malicious anomaly detected in your network.


The Verizon Data Breach Investigations Report found that 71% of cyberattacks target businesses with fewer than 100 employees, and the average cyberattack costs a business more than $200,000. A loss such as this could be devastating to a small company.

Having an incident response plan in place is the best way to protect your company – it helps in mitigating the risk of a breach or an attack, provides confidence when facing security threats, and is an excellent way to maintain public trust when facing such a difficult situation.

Addressing this critical component of modern-day business allows you to be prepared, tempers stress responses during crisis situations, and better equips you to handle potential risks and harm to your business reputation.

Simply put, an incident response plan can save your business.

How to create an incident response plan for your business

While creating an incident response plan may seem overwhelming, there are practical, logical steps every business can take to begin the process. You do not need to plan for every possible scenario; begin with the most likely and plan from there.

A sound incident response framework should include these elements: prepare, identify, contain, eradicate, recover, and review.

An initial starting point in preparing is to take stock of your technology and systems, identify the most likely threats, then enlist your team of experts (internal or external) to assist in creating and implementing your response plan.

1. Inventory

Perform a full inventory of the technology and data that you need to protect. Where do you keep financial and customer information? What office devices are connected to the internet? Who has access to your network? Which employees are connecting to your network from home?

Also include a review of the security tools already in place, such as endpoint security software, virtual private networks (VPN), firewalls, and endpoint detection and response (EDR) tools.

Having knowledge of which devices could compromise your endpoint security, which databases are most enticing to a threat actor, and the office equipment that you can disconnect from the internet provides you with a starting point. This information helps you to identify potential threats and points of attack which require additional security and continuous monitoring.

Visibility is key.

2. Review consumer protection and data privacy laws

Depending on where you’re located and where you do business, there are consumer protection and privacy regulations that limit the information you can collect, store, and share. They also require you to disclose breaches publicly.

These regulations vary from state to state and country to country, so familiarize yourself with your obligations in the parts of the country and world where your business operates. Include actions for fulfilling those requirements in your incident response plan.

3. Regularly identify potential risks

It’s important to stay up to date on the latest cybersecurity threats. Meet with your security consultant regularly to discuss how to identify and defend against the latest threat tactics.

4. Create a response matrix

A response matrix will be the guiding light of your incident management process. Based on criticality, it should be composed of the most likely and probable threats given your geography, business, markets, and knowledge of your employees, and should include:

  • Incident risk
  • Likelihood of occurrence
  • Impact of occurrence
  • Indicators of occurrence
  • Notifications of occurrence
  • Actions of occurrence
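A response matrix with the six fields above can be kept as structured data, so it can be ranked by criticality and searched when an indicator is observed. The sketch below is an added example, not part of the original article; the 1 to 5 scales, the likelihood × impact score, and all sample rows are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class MatrixRow:
    risk: str          # incident risk
    likelihood: int    # 1 (rare) .. 5 (expected); scale is an assumption
    impact: int        # 1 (minor) .. 5 (business-ending); scale is an assumption
    indicators: list   # observable signs that the incident is occurring
    notify: list       # who is told, in order
    actions: list      # first response steps, in order

    @property
    def criticality(self):
        # Assumed scoring: likelihood x impact, a common risk-matrix convention.
        return self.likelihood * self.impact

# Constructed sample rows for a small office; replace with your own.
MATRIX = [
    MatrixRow("Phishing credential theft", 4, 3,
              ["login from unfamiliar country", "mailbox forwarding rule created"],
              ["IT contact", "affected employee"],
              ["reset password", "revoke sessions", "review mailbox rules"]),
    MatrixRow("Ransomware", 3, 5,
              ["mass file renames", "ransom note on desktop"],
              ["IT contact", "owner", "cyber insurer"],
              ["isolate device from network", "preserve evidence",
               "restore from backup"]),
    MatrixRow("Lost or stolen laptop", 2, 3,
              ["device reported missing"],
              ["IT contact"],
              ["remote wipe", "rotate stored credentials"]),
]

def ranked(matrix):
    """Rows ordered by criticality, highest first (ties keep input order)."""
    return sorted(matrix, key=lambda r: r.criticality, reverse=True)

def triage(matrix, observed):
    """Rows whose indicators match any observed sign, most critical first."""
    seen = {o.strip().lower() for o in observed}
    hits = [r for r in matrix if seen & {i.lower() for i in r.indicators}]
    return ranked(hits)

if __name__ == "__main__":
    for row in ranked(MATRIX):
        print(f"{row.criticality:>2}  {row.risk}")
    for row in triage(MATRIX, ["Ransom note on desktop"]):
        print(row.risk, "->", row.notify, row.actions)
```

An observation that matches no row returns an empty list, which is itself a signal that the matrix needs a new entry or the event needs expert review.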

5. Assign roles and responsibilities

Assign your response plan’s tasks to responsible employees or contractors who will take ownership of those responsibilities. Involving others in the management of policies and procedures lessens the risk that a single individual charged with incident response is unavailable when an event occurs.

6. Consult experts

Cybersecurity is complex, and while some actions within your response plan can be carried out by staff, others may require expert knowledge. Even the creation of your incident response plan may benefit from the expertise of a security professional.

7. Practice and training

Timely action is critical in mitigating a cyberattack. Review your plan often with employees and partners, particularly those you’ve assigned to be part of your incident response team. Consider setting up bi-annual practice drills to walk through the steps, so those involved feel more confident and prepared.


A cyberattack can occur when you least expect it, so advance preparedness is critical. An incident response plan will save money, time, and anxiety, and it could help you stay in business.

The benefits of having an incident response plan are similar to those of other safety drills: while they can seem like an unneeded disruption, the science behind these protocols is proven to be effective. An incident response plan serves as ingrained training that can not only help a team regain composure during an incident but also provide effective guidelines for recovering from one.