Be Proactive, Not Reactive – Why Employee Training and Incident Response Planning Should be at the Heart of Your Business

Written by Jay Jay Davey

Over the course of the last year, CyberClan and the rest of the security industry have observed a large increase in ransomware attacks. These attacks are devastating and can sometimes prove fatal to businesses, leading to a loss of revenue that can ultimately mean these businesses cease trading. This is why it pays to be proactive.

You do not need the latest and greatest top-shelf tools to mitigate the risk or reduce the impact of a cyber attack. The first part is understanding that no business is off-limits to a cyber attack; however, not everyone has to be a statistic.

Businesses need to evaluate processes, technology and people to make sure they are operating effectively and in the safest way possible.

Employee Education

Understanding how threats come to fruition in a business environment is crucial, as it enables you to identify and respond to them before they become a problem.

Here is how you can educate your employees on cyber threats:

  • The majority of malware is delivered by email. Train your employees on how to identify phishing attempts and implement a process for reporting them to the relevant teams.
  • Provide regular cyber security hygiene tips to help employees protect themselves, and ultimately, the overall business from trending threats.
  • Ensure employees are aware of security policies and processes.
  • Embed a security culture into the business and help employees operate effectively in a safe and secure manner.

Incident Response Plan

No business is fully secure from a cyber attack. For that reason, it is important that businesses have the capability to respond to one if it occurs.

A mature incident response plan includes many parts and will be drilled regularly to provide assurance that the incident response capabilities are up to standard.

How to set up an effective Incident Response plan:

  • Establish and maintain a communication plan with relevant stakeholders who would be involved with the response to an incident.
  • Ensure employees are aware of who to contact in the event of identifying a potential incident.
  • Establish and maintain a list of roles and responsibilities for incident responders.
  • Determine your notification obligations, whether that is to alert a governing body, customers or another stakeholder that may be impacted by the incident. This may involve in-house or external legal advice.

Preparing for a Cyber Attack

It is important that your business is prepared in the event of a cyber attack; otherwise it could face a variety of serious repercussions.

How to be well equipped to deal with a cyber attack:

  • Apply recent patches to everything from the firmware of a firewall or switch to the third-party applications on an end-user machine. Keeping them up to date reduces the risk of attack.
  • Perform vulnerability scans on your environment. This will give you visibility of any vulnerabilities within your environment and will show you where improvements could be made.
  • Ensure that end-user machines have updated, and working, protective controls such as an anti-virus solution.
  • Follow the CIS Hardening benchmarks to help configure the different technologies within your network securely.
  • Protect access using Multi-Factor Authentication (MFA) to decrease the likelihood of account takeover, and increase the complexity of passwords to make them harder to guess.

Asset Management

An asset is “anything that helps the business achieve their objectives”, but in the realm of cyber security, this refers to technical assets such as hardware or software.

Asset management allows businesses to monitor, improve and report on the health of their environment. It can help businesses keep track of the lifecycle of software and hardware to ensure that what they have implemented has the relevant support and updates to ensure it remains adequately protected.

Protect Access

It is extremely important that access is effectively monitored and protected. Different accounts have access to the different systems and services that may contain, process or otherwise use information that may be sensitive in nature to a business. By restricting access to only those who need it, the threat actor will only be able to get so far within the network. 

Access management is a crucial element in reducing account takeover risk. It ensures that permissions and access are monitored, granted when needed, and revoked when no longer needed or after someone has left the business. This follows the principle of “least privilege”, meaning users should have the minimum permissions required to perform the expected duties of their role.

All it takes is a weak password on an account with excess privileges for a high impact attack to take place.
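The access review described above can be run as a simple script. The following is an added example, not CyberClan's own tooling: the role baselines, the privileged permission set and the account inventory are all constructed sample data, and the check flags enabled leaver accounts, permissions beyond the role's baseline, and privileged accounts without MFA.

```python
# Added example: access review over a constructed account inventory.
# All users, roles and permission names below are hypothetical sample data.
from dataclasses import dataclass, field

# Assumed role baselines: the minimum permissions each role needs.
ROLE_BASELINE = {
    "finance": {"erp:read", "erp:post-invoice"},
    "helpdesk": {"tickets:write", "ad:reset-password"},
    "it-admin": {"ad:admin", "backup:admin", "tickets:write"},
}
# Assumed set of permissions treated as privileged.
PRIVILEGED = {"ad:admin", "backup:admin"}

@dataclass
class Account:
    user: str
    role: str
    enabled: bool
    mfa: bool
    employed: bool  # False once the person appears on the HR leaver list
    permissions: set = field(default_factory=set)

def review(accounts):
    """Return sorted (user, finding) tuples for every policy gap found."""
    findings = []
    for a in accounts:
        if not a.enabled:
            continue  # disabled accounts cannot be used to log in
        if not a.employed:
            findings.append((a.user, "leaver account still enabled: revoke"))
            continue
        excess = a.permissions - ROLE_BASELINE.get(a.role, set())
        if excess:
            findings.append((a.user, "excess permissions: " + ", ".join(sorted(excess))))
        if a.permissions & PRIVILEGED and not a.mfa:
            findings.append((a.user, "privileged account without MFA"))
    return sorted(findings)

# Constructed sample inventory.
SAMPLE = [
    Account("alice", "finance", True, True, True, {"erp:read", "erp:post-invoice"}),
    Account("bob", "helpdesk", True, False, True, {"tickets:write", "ad:admin"}),
    Account("carol", "it-admin", True, False, True, {"ad:admin", "backup:admin"}),
    Account("dave", "finance", True, True, False, {"erp:read"}),
    Account("erin", "helpdesk", False, False, False, {"tickets:write"}),
]

if __name__ == "__main__":
    for user, finding in review(SAMPLE):
        print(f"{user}: {finding}")
```

In practice the inventory would come from an export of your directory service and the leaver flag from HR records; the comparison logic stays the same.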

Final points

Cyber security is a journey; it is not something that can be mastered straight away. It must be in line with the business objectives and ultimately help the business operate effectively in a safe manner.

CyberClan is committed to supporting businesses through this journey by helping them mature in terms of their cyber security.

