Step 4 is Respond.
No matter how many defensive steps you take to protect your business, an incident may still happen. Some would say it’s not a matter of if, but when. Considering this point of view, when an incident happens are you prepared to properly respond?
There are several resources available at the link about to help you consider your response plan. Key elements are as follows:
Resolve the incident as soon as possible.
Determine what data may have been lost and what individuals may have been impacted.
Keep the business functional while the incident is being addressed.
Activate a comprehensive communication plan internally & externally.
Determine if you need to comply with any laws related to the incident.
Report the incident in accordance with your internal plan and any regulatory requirements.
Step 5 is Recover.
Recovery kicks in after the initial response to a cyber incident. It goes beyond the initial steps identified in Step 4, above.
Recovery includes the complete return of business as usual, including any technical restoration required. What people often forget about during the recovery phase, is preventing a recurrence and ensuring that the company is better educated and positioned for the future.
Recovery includes zeroing in on the type of company culture you want to have with regard to cyber security. How will you monitor the ongoing position of the business and evaluate the effectiveness of both technical defenses and user education efforts to keep awareness of cyber threat foremost in every employees mind.