A 5-Step Guide to Creating a Security Incident Response Plan

Did you know that 90% of cybersecurity attacks start with an email? Yes, you read that right. That’s why we’re tackling this topic: it’s important and highly relevant to anyone reading this. 

According to this article, 80% of businesses experienced a cybersecurity incident in 2019.

According to this article, 60% of businesses fold within a year of experiencing a cybersecurity incident.

So…like we said, this topic is IMPORTANT. It’s relevant. And it’s worth having a response plan. 

Now more than ever, cyberattackers are taking advantage of organizations and their employees through advanced phishing attacks targeting valuable information. These attacks typically result in millions in lost revenue, time and effort.

At PK Tech, we recommend mitigating and managing this risk by having an IT team, security protocols and daily practices that will protect your business and prevent such an attack.


1. Prepare to Lock Down Your Environment

Consider that your computers may be a part of the cybersecurity attack. Be prepared to shut down the affected workstation(s) and server(s) if they’re discovered to be compromised.

2. Divide and Conquer Among Your Team

Cybersecurity attacks can often happen fast and be multifaceted. Have a few staff members designated as part of the core “cybersecurity team”. Depending on the impact of the attack, you may need your team calling vendors, clients/patients, lawyer(s), and your cyber insurance company.

3. Develop Clear Standard Operating Procedures (SOPs)

In order to fully leverage your response plan during a cybersecurity attack, you need to have previously developed clear SOPs. This enables each team member to know their role and act quickly in the heat of the attack with specific direction from whoever is in charge. The contents of your SOPs will depend on your industry, company size, and what critical IT systems your business uses to generate revenue. Reach out to us if you’d like to discuss this more in-depth.

4. Be Ready for Crisis

Consider that during a ransomware attack, you may have multiple individuals, machines or even clients experiencing everything at once. Everyone will want your attention. This is where SOPs come into play. Your plan should include routine trial runs where your SOPs get verified. If/when you need to begin a response to a security incident, it won’t be new information to the security team and you’re set up for success.

5. Prevention is Key

The security incidents that have been knocking SMBs off the map have historically been quite preventable. Do an annual Security Risk Assessment (SRA) to identify all your current risks. Rate each risk by impact and likeliness to occur. Attack the high risk + high likeliness to occur items ASAP. This methodology is a fundamental requirement of HIPAA, but it works across all industries. Over time, what would put your competitor out of business has little effect on yours since you’re actually paying attention to active threats vs. doing nothing and being shocked when you’re attacked and experience downtime for days/weeks/months/forever. 


If you would like a quote or evaluation for IT services, or would like our team to develop a cybersecurity response protocol for your business, don’t hesitate to reach out to PK Tech here: contact PK Tech. We provide support and services to protect your business.
