How to Respond to a Cyberattack: A Guide for SMEs

You’ve been attacked. You’re not sure what to do and how to respond properly. So what are the next steps you need to take?

Having a well-defined response plan is the most important step that SMEs can take to mitigate the impact of cyber incidents swiftly. In this guide, we help you understand the step-by-step approach you need for an effective, rapid response to a cyber incident and give you the peace of mind you need. As with all cybersecurity responses, we always advise working with a Managed Security Service Provider to bolster your security.

  1. Incident Response Team
  2. Incident Classification & Reporting
  3. Detection & Analysis
  4. Containment & Eradication
  5. Communication & Documentation
  6. Legal & Regulatory Compliance
  7. Post-Incident Analysis and Improvement


1. Incident Response Team:

Identifying key personnel is crucial for an effective response, so you need to know who your Incident Response Team are going to be in advance. These are key people in your organisation with clearly defined roles and responsibilities who you can trust when things start to go wrong.

By understanding who’s responsible for doing what in the event of an incident, you can avoid confusion in the crucial stages of a cyber incident. Having someone to monitor unusual activity on your network and having them report to a third-party cybersecurity team is the first step, although for larger organisations, you can diversify the role more.


2. Incident Classification and Reporting:

To respond effectively to a cyberattack, you’ll need to take a systematic approach to classifying incidents by severity. Outline criteria for incident severity classification and procedures for reporting incidents through designated channels, such as having a separate email address directly for staff to communicate incidents to.

Timely and accurate reporting is crucial to facilitate a rapid response and ensure that you know what to report to the people who will be responsible for dealing with the threat. Having the right protocols in place so your staff know who to report to can save valuable time when there’s a cyberattack, so make sure that your staff know where to report.


3. Detection and Analysis:

After you’ve set up the procedures, detection and initial analysis are the first steps in responding to a cyber incident. You must have adequate methods not just for incident detection but also verifying the nature, scope, and impact of that incident. With a Managed Security Service Provider, detection and analysis are handled externally, so we always recommend that SMEs find a partner to adequately deal with threats.


4. Containment and Eradication:

Once an incident is confirmed, containing and eradicating the threat is paramount. Strategies for isolating affected systems and eliminating the root cause can be wide-ranging, and often rely on the experience and capacities of your teams. Containing threats is the single most important stage in the process, ensuring that other parts of your business aren’t affected by any attack, so partnering with an experienced third-party cybersecurity specialist is always recommended.

Some of the types of attacks you may find yourself dealing with include phishing attacks, which staff training can help mitigate, but for other, more complex attacks such as certain types of malware, you will need to restrict access to infected networks so that the virus can be isolated and destroyed.


5. Communication and Documentation:

Effective communication is critical during a cyber incident, including communication to employees and third-party cybersecurity teams along with other relevant stakeholders. When it comes to a cyber incident, ensuring that stakeholders are informed and updated is essential, and this means having effective external and internal procedures for communicating the issue.

Having strict guidelines for documenting actions taken during the incident response process can help with aiding in accountability and future analysis. Make sure that everyone involved in your IT response knows the communication channels that they need to use – whether that’s sending a report to your cybersecurity partner or to your internal IT team – and then make sure that everything is documented so you can learn from what’s happened.


Understanding and complying with legal and regulatory requirements is always essential for SMEs. With clear guidelines in place, developed by people who know how to respond to cyber incidents, your business should be able to navigate any potential legal ramifications and ensure compliance throughout the incident response process.

When it comes to sensitive data, a breach could have enormous ramifications – especially in the age of GDPR. This is why it’s advisable to work with a third-party cybersecurity team that understands what the legal implications are and how you should respond, such as whether you need to report to an ombudsman about the incident.


7. Post-Incident Analysis and Improvement:

The incident response process doesn’t end when the threat is contained. You must think about the procedures for post-incident analysis, learning the appropriate lessons, and using this knowledge to make continuous improvements. By learning in this way from each cyber incident, SMEs can make their cybersecurity posture more robust, ensuring that they’re better prepared for future threats.

At Sentis Managed Solutions, we have the expertise to bolster your cybersecurity and keep your business safe from threats. We make cybersecurity simple by working with your teams in understandable, simple terms while delivering expert IT services. Get in touch with us to arrange a full security audit of your IT assets.