
Steps for your business to take following a cyber data breach

It's not if but when a business will experience a cyber breach, which means it's vital to be prepared before one happens.

The first step for a small business experiencing a cyber breach is to enact its cyber security incident response plan.

"If a cyber breach happens, don't touch anything, call for help," says Steadfast Technologies' Chief Information Security Officer, Alexander Moskvin. "Engage professionals at the first sign the system has been compromised. They will be able to triage the situation and provide advice about the nature of the event," he adds.

Having a relationship with cyber security experts in advance is vital so you can act immediately when a cyber breach occurs. The right level of service for your business will depend on its nature and budget. Some businesses need access to 24/7 support, including businesses for which losing access to their data for a period would have a significant revenue impact.

For instance, let's say a restaurant is the subject of a ransomware attack on a Friday and cannot operate over the weekend. Around-the-clock cyber security support may be essential so it can trade during the busy weekend period. Other businesses may only require cyber security support during business hours.

Cyber security incident response plans for small business

The federal government has published a guide detailing the steps to follow when a cyber breach occurs. This is a good place to start designing your incident response plan. While the government's guide may be too comprehensive for most small businesses, it contains many of the essential elements every plan should include.

"A one-page plan will be sufficient for most small businesses," says Moskvin. Most plans should include service provider contact numbers to call when a breach occurs. "If you have cyber insurance, you need to notify your insurance company," says Moskvin.

It may be appropriate for your plan to also include a protocol for notifying people in the business and under what circumstances. For instance, as a business owner, you may require immediate notification if the breach involves your customers' personal data. But you may not necessarily require notification simply if a virus is detected and it has not yet entered the system.

It's also often essential to outline the method of communication for different breaches. In the example above, the plan may state you should be notified by phone if customers' personal data is involved in the breach. But if a virus is detected, email or SMS notification may suffice.

"It's up to the company to work through a range of different scenarios and what constitutes a high-risk and low-risk notification to senior management. A traffic light system where different scenarios are classified red, amber and green can help," says Moskvin.

Steps to follow after a cyber breach

During a cyber security event, it's vital to keep to the guidance of your cyber security experts.

"Often what happens is users click on a message or pop-up window that says the company's information has been encrypted and clicking a link will reveal instructions to get access to the data. But this may be just a threat and the system won't yet be infected. It's only when the link in the message is clicked that the system will be infected," advises Moskvin.

If a compromise is confirmed, it may be necessary to notify affected individuals or companies or the Privacy Commissioner. While cyber insurance may be essential, it should only be considered a last line of defence. Small businesses must have an incident response plan and know who to contact in the event of a cyber breach to help reduce any damage and get back on their feet as soon as possible.


Important notice

This article provides information rather than financial product or other advice. The content of this article, including any information contained in it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to before acquiring the product.

Information is current as at the date the article is written, as specified within it, but is subject to change. BICS makes no representation as to the accuracy or completeness of the information. Various third parties have contributed to the production of this content. All information is subject to copyright and may not be reproduced without the prior written consent of BICS.