Why are “Incident Response Plans” for small businesses not being developed?


It will surprise no one that 80% or more of small businesses do not have any kind of Incident Response Plan, which leaves them unprepared for cyber threats, data theft or natural disasters. As cyber-attacks are on the rise for businesses of every size, it is vital to have an incident response plan (a set of guidelines and action plans to limit the exposure and the effects of incidents). A study from The University of Alabama at Birmingham Collat School of Business reports similar findings for SMBs, with 61 percent admitting to being a victim of a cyber-attack. For large enterprises, attacks are even more common. Perhaps the most shocking finding of the UAB study is that 82 percent of large companies reported a breach by their own staff.

This only proves that cyber-attacks will occur anytime and anyplace. The only hope to mitigate the risk is to develop a plan for after the attack.

But the problem is the reluctance of small businesses to take any steps against these cyber-attacks. The mindset is that it will not happen to me, and if it does, it is not going to be a big deal: when a credit card gets hacked, you order another one and the fake charges are reversed back to your account. Others do not have the resources or manpower to commit to an incident response plan. Therefore, no incident response plan is developed.

Although every business is unique and there is no one-size-fits-all plan to address all the possible threats a company may face, it is important to concentrate on the basics. The main guidelines that everyone should follow are as follows:

  • Complex passwords that are changed at least twice a year
  • Applying patches and updates daily
  • Having the latest Firewall, Antivirus and Anti-malware
  • Not opening emails with suspicious attachments and links
  • Having two-factor authentication
  • Securing connections to your data (avoiding public Wi-Fi, establishing VPN, etc.)
  • Employee awareness training

There are many detailed Incident Response Plans available, written by private companies and government, but the above guidelines are the minimum and in many cases are inexpensive to implement. This work can also be outsourced to a certified IT company if adequate resources are not available.

Preventing data breaches and cyber-attacks should be the first priority of any business owner. So should staying current with the latest data security technology and avoiding the mindset that it will not happen to us.

Contact Us!

At CEO Computers, our IT support team is at your service. If you would like to know more about incident response plans, reach out to us today at 818-501-2281 or info@ceocomputers.com
