Every business needs a cybersecurity plan.
It is the centrepiece of any effort to defend against cyberattacks and to mitigate risks to client data.
We have made a cybersecurity plan template based on a framework by the National Institute of Standards and Technology (NIST). The cybersecurity plan has three main areas: before an attack, during an attack and after an attack.
Before an attack:
This part of the cyber plan is about identifying the strengths and weaknesses of your business's cybersecurity. Before an attack is about protecting your data, protecting your staff, and being able to demonstrate you have taken reasonable steps. It means making sure you have the systems and processes in place, and that you and your staff are trained to follow the plan.
During an attack:
This part of the plan is about being able to detect when a cyber incident is happening. Often attacks happen undetected. It’s then about responding immediately. You and your staff need to know what to do. Just like a fire drill, timing is immensely important: the longer the response takes, or if panic sets in, things can go very wrong.
After an attack:
This phase is about having a recovery plan in place and understanding who will do what after the attack. The fastest road to recovery is essential. This part is also about knowing the reporting requirements that you must meet in the wake of an attack.