I was responding to an acquaintance in a group on LinkedIn called SMB Cyber Security that asked what do I do if I’m hacked and I sent him the following. I’m posting my response here as well…
The exec will ask–what do I do the next time I’m attacked? Our answer—it’s really about what you do BEFORE you have been attacked that matters. So we start educating them about cyber insurance, cyber training for employees, Incident Response Plans (example), Business continuity plans (more info) &/or Disaster recovery plans (more info) and policies such as the examples I’ve included here:
More example policies can be found here.
However, if an SMB gets attacked AND the attack appears serious (potential loss of PII &/or crown jewels) AND they are not prepared with the plans/policies above then they may do the following: