I was responding to an acquaintance in a LinkedIn group called SMB Cyber Security who asked, "What do I do if I'm hacked?", and I sent him the following. I'm posting my response here as well…
Unfortunately, a lot of SMBs install our service only AFTER they have been hacked, because many exec teams just don't understand the risks (more).
The exec will ask: what do I do the next time I'm attacked? Our answer: what really matters is what you do BEFORE you have been attacked. So we start educating them about cyber insurance, cyber training for employees, incident response plans (example), business continuity plans (more info) and/or disaster recovery plans (more info), and policies such as the examples I've included here:
More example policies can be found here.
However, if an SMB gets attacked AND the attack appears serious (potential loss of PII and/or crown jewels) AND they are not prepared with the plans/policies above, then they may do the following: