How to Plan and Prepare for a Cyberattack

How to Plan and Prepare for a Cyberattack | CyberDot

As a small business owner, you must be prepared for a cyberattack, even if you hope that none will ever occur. Remember that no business is too small for hackers to target, as all companies have at least some financial resources and plenty of useful data that hackers would appreciate getting their hands on. Instead of worrying about what will happen if cybercriminals choose to attack your business, take the time to develop a plan and make other preparations for a potential cyberattack. This will put your mind at ease and give you a list of what to do if an attack occurs so you do not have to develop a plan in your stressed-out state.

How to Prepare for a Cyberattack

Plan Immediate Action

Part of your plan for a cyberattack should involve a list of what steps you need to take immediately upon noticing the breach. Each step during this period will work toward containing the breach, working to resume normal operations as quickly as possible, investigating and collecting evidence, or minimizing time and money spent on the issue.

To document the breach, make sure not to delete any relevant email, and consider taking screenshots or pictures or making notes. For containing the cyberattack, you may consider disconnecting certain devices from your network. To minimize the downtime your company experiences from the cyberattack, consider including a quick confirmation of the most recent backup of crucial files on your network. Just remember that if you include any backups in your cyberattack plan, you do not want to back up files from an infected device without precautions due to the risk of also saving the malware.

If you have cyber insurance, which is a smart idea, one of your first steps should also be to notify your insurance company. They will likely have a recommended process for you to follow to minimize damage and maximize the possibility of a quick recovery.

Report the Incident

Following any cyberattack, you should take the step of reporting it to the relevant authorities. Many states have laws requiring businesses to report on data breaches, and even if yours does not, this is a smart practice as it minimizes legal ramifications your company experiences and can potentially get you help from the authorities in resolving your issues or catching the hackers.

Include a Post-Incident Review

The final step of your initial response plan for a cyberattack should always be a review following the incident. This is when you take a closer look at what you learned from the attack, whether in terms of your company’s vulnerabilities or how you can respond. Examining your response to the situation and how the attack occurred can help you figure out ways to enhance your security and prevent future problems. This is something that your cyber insurance company will likely assist you with.

Get Cyber Insurance

A key part of your plan for dealing with a cyberattack should be investing in cyber insurance. Think of this as just another preventative measure that should be on your checklist along with other types of business insurance. In the event of a cyberattack, your cyber insurance will provide you with financial protection as well as the resources you need to overcome the situation and keep your business running.

In many cases, your cyber insurance company will actually have guidelines in place to help you create your response plan for a cyberattack, meaning you do not have to come up with the entire thing from scratch. It is in your insurance company’s best interest to ensure you have a strong plan in place since this reduces the damage your business experiences from a cyberattack, therefore reducing the claims they would have to pay out.

Ensure Your Plan Includes Prevention

While you certainly want to have a plan that prepares you for a cyberattack, you should also have a policy in place that prevents this from happening. Ideally, you never want to have to use your cyberattack contingency scenario. This means ensuring you have a policy that includes preventative measures such as a strong security system in place, a strong password policy, smart network policies, a bring-your-own-device or mobile device policy, and regular security audits by an independent organization that can check for weaknesses.

Review Your Plan and Conduct Training

Just creating a plan to follow in case of a cyberattack is not enough without additional action at least a handful of times a year. You should go over your initial response plan with your designated response team a minimum of once every single year. During this time, you should ensure the contact information for the response team is up-to-date and that the techniques and policies within the plan do not require adjustments based on changed technologies or your own policies.

Additionally, you must take the time to train the team that will be involved in a cyberattack response. Everyone in your company should have the training to recognize the signs of a cyberattack and know who to contact with their suspicions. Those responsible for responding must refresh their training on what to do in a specific situation. This training should also include practice sessions that are like fire drills but for cyberattacks. This is an excellent method of ensuring your team remembers their training and that your initial response plan is truly effective. It also serves the benefit of increasing the efficiency with which your team will execute the plan if a cyberattack actually does occur. Think of the phrase “practice makes perfect.”


If you are not prepared, a cyberattack can send your small business into failure, but with a strategy in place, your chances of this occurring are dramatically reduced. The proper plan will clearly lay out your first steps to take following evidence of a cyberattack and guide you through the process of recovering, taking away one element of stress during a time that is bound to be full of anxiety. Simply having a cyberattack plan in place should be enough to eliminate one stressor from your life as a small business owner, provided you also take security measures to prevent cyberattacks.