Cyber Risk Management Plan: 5 Steps to Protect Your Business

Cyber attacks aren’t a matter of if,
they are a matter of when.

From phishing emails to ransomware, even small businesses are prime targets. A well-thought-out cyber risk management plan doesn’t just protect your data; it helps you stay in control before, during, and after an attack.

Create a Cyber Risk Management Plan

A solid risk management plan will help ensure you are prepared not only to prevent an attack but also to respond effectively during and after one occurs.

Step 1: Identify the Risk

The first step in your plan is to identify where the risk is. What is it you need to protect?

Data may be the first thing that comes to mind, including customer records and personal information. Other assets may include intellectual property, funds (money) and the availability of your systems.

Ask yourself, what would it cost you if your customers were unable to access your website for a day, a week or a month?

Step 2: Identify Threats

Next, consider what you need to protect against.

Threats come in the form of social engineering and cyber fraud, phishing, malware, denial of service attacks and systems compromise.

For a deeper discussion of cyber threats check out this article.

Look at your business and the assets you want to protect, and then assess which particular threats are associated with each of them.

Step 3: Prioritise the risks

Not all risks are equal. Compare the risks against each other and assess:

  • Which risks are the most damaging if they happen?

  • Which risks are most likely to occur?

This will help you identify the greatest threats to your business and prioritise your actions.

Step 4: Plan to prevent attacks

Your plan should set out how you will address each of the risks you have identified, including:

  • Awareness and Training - ensuring staff know how to spot and avoid threats

  • Protective practices - policies for managing and safeguarding information and assets.

  • Preventative actions - steps the business will take to reduce identified risks

Step 5: Plan to Respond to an Attack

Think about what you would do during and after an attack.

This plan should include:

  • How you will get your operations and networks back up and running.

  • Who will take the lead in your response

  • How you’ll communicate with staff, clients and (if needed) the media.

How detailed your Incident Response Plan is will depend on the size of your organisation and your networks.

Resources

The Australian Cyber Security Centre (ACSC) has information and guidance on preparing Incident Response Plans.

Check out our Cyber Security Checklist - Free to Download.


Need help?

We can work with you to develop a practical, tailored cyber security risk management plan for your business.

See our Cyber Security Governance Services.

Book in a call with Elouise today
