Cyberattacks can cost organizations millions of dollars and 2021 has seen the highest average data breach cost in the last 17 years. While it’s almost inevitable that you’ll someday deal with a cyberattack on some level, organizations who formed incident response teams and tested their incident response plans were able to reduce the cost of a breach by almost 40%.

With the broad nature of cybersecurity and a lot of ground to cover, many companies don’t even know where to begin. Luckily, a comprehensive, in-depth cybersecurity action plan can be broken down into five stages: Foundational Security, Policies and Awareness, Key Processes, Incident Preparedness and Security Monitoring. While each has their own unique benefits, a true culture of security relies on each stage working together for peak efficiency and protection.

Stage 1: Foundational Security

A good plan begins with the proper foundation. Stage 1 assesses basic functions within your organization and common entry points for potential cybersecurity threats, providing an ongoing “health check” for your technology systems. This stage involves asking questions such as, “what are some best practices that I can enforce in my organization?” “How do I measure my current security risk?” And, “where should I focus my energy?”

Next, you’ll want to identify where your critical data and assets are within your network and how they are accessed. This includes things like administrative access, data backups, email security and how passwords are stored. (Pro tip: always use a password manager, such as LastPass, to easily and securely store and access passwords.)

Stage 2: Policies and Awareness

Once the foundation is laid, it’s time to set up the policies you need to keep things running efficiently and securely. This includes an acceptable use agreement and a writeup of company cybersecurity policies. Your policy should include disaster recovery, business continuity and work from home standards, among others.

From security training to email phishing exercises and remote worker education, it’s important to prepare and educate your staff, as they have the greatest ability to expose your organization and leave it more vulnerable to cyberattacks. After all, nine out of ten cybersecurity incidents are a direct result of human error.

From security training to email phishing exercises and remote worker education, it’s important to prepare and educate your staff, as they have the greatest ability to expose your organization and leave it more vulnerable to cyberattacks. After all, nine out of ten cybersecurity incidents are a direct result of human error.

Stage 3: Key Processes

Now that you’ve checked your current systems and have proper education in place for your people, it’s time to align key processes. These processes should center around areas where your organization has exposed vulnerabilities and increased risk, including asset inventory, mobile devices and remote work environments.

You should also set up regular processes for vulnerability scanning. Cybersecurity risk is ongoing, so just like you should always install the latest software update, you should also routinely update your processes to account for the ever-changing threat landscape.

Stage 4: Incident Preparedness

The primary goal of incident response is to minimize damage by quickly responding to an incident while preserving necessary evidence to prevent future attacks. No matter how prepared you are, there is always potential for an incident to occur, and the worst time to plan is while the threat is active. Preparation is critical, and the right systems, processes and awareness practices can reduce downtime and lessen the financial impact of an incident.

An incident response plan does not have to be lengthy or overly complex. The formula for a good incident response plan involves:

• Defining  what an incident is;
• Identifying who is responsible (both internally and externally);
• Outlining the process of identifying and responding to potential incidents;

Once a plan is in place, it is best to exercise your plan with hypothetical cyberattack scenarios to identify gaps and efficiencies that can be made. Doing so prepares the teams involved to respond quickly and effectively to an incident.

Stage 5: Security Monitoring

The last stage focuses on ongoing support. Cybersecurity planning isn’t just one-and-done; working to remain secure is a constant process. There are a variety of security monitoring solutions out there, including Security Information and Event Management (SIEM) solutions to aggregate log data (think antivirus alerts, firewall issues etc.), 24/7 monitoring at a Security Operations Center (SOC), threat hunting in your network to identify common attacks, and Managed Security Service Providers (MSSPs) that take care of all that fun stuff for you.

How can I begin?

If you need help getting started or building on your current cybersecurity foundation, check out Eide Bailly’s in-depth guide to cybersecurity prevention. Click here to download the guide today.

A version of this article previously appeared on eidebailly.com.