Cyber attacks are common and damaging for law firms and other small and mid-sized businesses. Yet many do not have a sufficient plan for what to do in the event of a cyber attack. Even with the increasing frequency and cost of cyber incidents, as many as 34% of businesses don’t have a formal cyber attack response plan applied uniformly across their entire business.

The lack of a formal incident response plan can create risk for your firm. Confusion over how to respond to a cyber attack could worsen the attack, lead to mistakes by your organization that increase liability and leave you unprepared to address the concerns of your clients and stakeholders.

Developing a plan now, before you face a cyber incident, allows your firm to minimize its risk. It’s easy to get started forming your own incident response plan with these steps:

1. Start with a Risk Assessment

A full risk assessment can give you important information about your organization when it comes to a cyber incident. Look at the likelihood and severity of threats. Don’t just focus on worst-case scenarios. Every business faces different risks, and your cybersecurity incident response plan should be tailored to your own needs.

2. Identify Your Cyber Vulnerabilities

Look at what is at stake for your firm in the event of an attack. It could be data (client records, financial details, case files, trade secrets) or systems (daily operations, backups, communications) or a combination of the two. Note that different types of data and systems may have different vulnerabilities and require different responses in the event of a hack.

3. Decide When to Raise the Alarm

Because your firm’s risks and vulnerabilities will be unique, your own definitions of what’s normal and what constitutes a cyber attack will also be unique. Your plan should precisely define when it is appropriate to raise the alarm that a cyber attack has occurred.

4. Plan for Detection

Determine how your firm will detect a hack, breach or other cybersecurity incident. Your firm may be protected by in-house automated systems, use a help ticketing system or be monitored by outside security.

5. Gather Your Team

A strong cybersecurity incident response team will be crucial during a hack. Involve key stakeholders across all parts of your firm, including admins and partners. Your team may also expand to include outside experts, such as data forensics experts and your insurance provider.

6. Inventory Assets and Resources

In the event of an attack, you’ll need to know what systems and experts you can rely on. Take an inventory of systems, such as backups, firewalls, log systems and software. Determine team members you can turn to and identify outside law enforcement partners and security experts.

7. Plan Your Incident Response

A crucial stage of planning involves determining how your firm will investigate attacks, contain threats and recover from a hack. Your plan should address each kind of incident you may face, deliver a plan of action your team can follow and take advantage of your assets and resources.

8. Draft Your Communications Now

A cybersecurity incident often mandates notification and requires careful public relations management. It’s a good idea to draft communication templates that can be used in the event of an attack. Planning now ensures you meet legal and regulatory requirements, create consistent messaging and can act quickly when needed.

9. Create a Cybersecurity Event Log Template

Staying organized as your team responds to a threat is important. Use a cybersecurity event log to track the discovery of the hack, the communications and actions taken and other technical data. Documentation helps your security experts, legal team and law enforcement as they assist with your cyber attack response.

10. Remain Vigilant for Threats

Stay alert for cyber attack threats. Practice your incident response plan with your team to ensure you’re ready for a hack. Review your plan regularly and update it whenever your systems, operations or personnel change.

11. Consider Cyber Liability Insurance

Cyber Liability Insurance protects your firm from the cost of defending against a cyber attack. With Cyber Liability Insurance from Lockton Affinity, you receive comprehensive coverage at affordable rates. Discover more benefits of cyber liability insurance for your firm today.