Helping your business get prepared for a cyber incident

Did you know there's a cyber-attack reported in Australia every 6 minutes*?

Cybercrime continues to rise exponentially, driven by the rapid growth of ransomware attacks. When a cyber incident happens, a Cyber Response Playbook could help your business to hit the ground running.

So, what are the biggest cyber risks for businesses?

Businesses are relying on technology more than ever. At the same time, cybercrimes like ransomware, business email compromise and phishing are all on the rise. That is why having a plan, or Cyber Response Playbook (PDF 470KB), could be crucial for understanding everyone’s role within a business and the steps to take when (not if) there's a cyber incident.

As part of formulating a playbook, understanding your environment, your assets and the networks connecting them is essential.  

Once your playbook is in place, be sure to test it regularly. Don’t wait for an incident to happen; rehearse the steps and the process in advance to help highlight potential gaps in your playbook and so everyone involved can get comfortable with their roles.

For instance, how will you communicate with customers who might be impacted by your cyber breach or outages? Who decides whether the media will be contacted? And who makes that call? Rehearsing puts people in the crisis head space and encourages them to consider hard decisions without an immediate threat to their business or reputation.

Print out a copy of your Playbook

In many cases, the first indication of a cyber incident is when everyone comes to work, but they can’t log in because of a ransomware attack. Suddenly, you can’t access your company directory, your email system, or even your incident response plan. Having a hard copy means you’re not scrambling – you’re looking at the plan, not looking for it. 

Keep a list of phone numbers – in hard copy – to call for an instant response and assistance, whether that’s a cyber-defence expert who’s on contract, IT or leadership support, or an essential provider such as your bank, your suppliers, or your customers.

Cyber-attacks can be stressful and emotional. So, a playbook should also cover the mental health aspects of an attack, and how to protect your people during a crisis. That’s why we partner with support services such as IDCARE, who can provide support to your business if required. Find out more on IDCARE's website: www.idcare.org.

Who needs to know? 

Financial institutions also play a key role for their customers. If you recognise a transaction that could be due to fraudulent activity on your account/s or if you believe your security has been compromised, report to us immediately. Your next steps might be to contact a cyber specialist, such as IDCARE, and then to lodge an incident through cyber.gov.au/report. Speed is critical.

Prevention is better than cure

Here are some additional good practices that could help further protect your business:  

  • Educate your employees about cyber threats and scams impacting businesses. Start by sharing our Scam quiz to help educate them on a range of scams.  
  • Make sure all employees (or users) with access to your business technology and accounts have a different, unique email account and password for their various tasks. In particular, email and internet access shouldn’t be available from accounts that also undertake system administration tasks. And if they leave the business, be sure to delete their accounts and revoke their access.
  • Embrace multi-factor authentication (MFA) everywhere it’s offered, as an added layer of protection for anyone accessing your digital systems. A lot of attacks just don’t get off the ground with MFA in place.
  • Have a patching strategy for your business to ensure all software is up to date. 
  • Regularly back up your data to an external location, preferably so that it can be restored from multiple points in time.

Things you should know

This information is general in nature and has been prepared without taking your personal objectives, circumstances and needs into account. You should consider the appropriateness of the information to your own circumstances and, if necessary, seek appropriate professional advice.
 

* ACSC Annual Cyber Threat Report 2022 - 2023