Small businesses depend on their IT and communications and when something goes wrong, they are usually the first place a customer will try to get it all fixed, but is there more you could be doing before that conversation?
The Cyber Breaches Survey 2022 reported that
“boards tend to trust and defer the finer details of a cyber security approach to their IT teams (in the case of larger organisations) or third parties and external providers (in the case of smaller organisations). This is because there was a low level of knowledge of the technical details of cyber risks and how to manage them at senior management and board level.”
which shows the importance of IT and Comms to small businesses.
Incident response needs to start before an incident ever occurs, with a plan.
Like businesses create fire escape plans, they also need to start developing incident response plans, and IT and Comms companies can be essential in this planning.
The ECRC has a free incident response plan template for businesses to use which explains why they need it but also the key considerations they should be thinking about. Why don’t you adapt it with your information and share it?
Add value to your customers by starting these conversations
A lot of businesses don’t know where to start with cyber resilience so why don’t you assist them by starting the conversation?
How should they contact you in an emergency? What response can they expect? Will you work over a weekend?
Are their phone lines going to work in a successful ransomware attack – if they are on VOIP maybe not, but do they know that?
Will you ned to do any security verification with them? How do you do that if their system is encrypted by ransomware?
Will you need to call in a third-party security company to assist? If so, have you already identified a company you can use? The ECRC has several Trusted Partners who are cyber security firms in the East of England able to accredit cyber essentials, who might be able to assist in this area.
And if the worst happens…
The police want to know about it. Every police force has a dedicated cyber team who are ready to investigate cybercrime.
Any business, charity or other organisation which is currently suffering a live cyber-attack (in progress), can call Action Fraud on 0300 123 2040 to report it. This service is available 24 hours a day, 7 days a week. The report will get triaged and allocated the most appropriate authority.
And if your customer just doesn’t get the importance of cyber security why not refer them to the ECRC?
The Eastern Cyber Resilience Centre is a not-for-profit membership organisation, run by policing, with the intention of increasing cyber resilience of SMEs within the East of England.
We provide free guidance on our website and free core membership. Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.