CYBERPLANZ
“Plans are of little importance, but planning is essential.”
― Winston Churchill

14 July Blog

7/14/2025


Building a Cyber Incident Response and Recovery Plan: For Small Businesses

Cyberattacks aren’t just a problem for big corporations—small businesses are increasingly being targeted by criminals who see them as easier to breach and less likely to be prepared. A well-thought-out Cyber Incident Response and Recovery Plan (CIRRP) helps you react quickly and recover effectively if something goes wrong, such as a ransomware attack, data breach, or email compromise.
Creating a plan doesn’t need to be complicated or expensive. Here are the first simple steps you can take to protect your business, your team, and your customers:
1. Take Ownership – Someone Has to Be in Charge
In a small business, you may not have an IT department. That’s okay. What matters is that someone is clearly responsible for responding to a cyber incident. This could be the business owner, office manager, or your outsourced IT provider.
  • Choose one person to lead the response.
  • Make sure they know what steps to take and who to call if something happens.
  • If you use an IT support company or MSP (Managed Service Provider), talk to them about what support they provide in a cyber emergency.
2. List What You Can’t Afford to Lose
Start by identifying the most important parts of your business, such as:
  • Customer information
  • Financial records
  • Online ordering or payment systems
  • Emails or shared files
Think: If this was lost or locked tomorrow, how badly would it affect us?
This helps you prioritise what to protect and what to recover first if something goes wrong.
3. Define What a "Cyber Incident" Looks Like for You
You don’t need to be a tech expert to define a problem. Create a short list of things that count as a cyber incident in your business, such as:
  • You can’t access important files
  • Your emails are being used to send spam
  • You receive a ransom demand
  • Customer data has been accidentally shared or leaked
Knowing what counts as an incident will help your team react faster.
4. Write Down a Basic Action Plan
This can be a one-page document that answers three questions:
  1. What do we do first? (e.g. disconnect affected devices, call IT support)
  2. Who do we contact? (e.g. IT provider, bank, customers, the Privacy Commissioner if needed)
  3. How do we communicate? (If your email is down, do you have an alternative way to notify people?)
Keep it short and clear. Store a printed copy somewhere easy to find—not just on your computer.
5. Prepare Your Team
Everyone in your business needs to know:
  • How to spot a suspicious email or cyber threat
  • Who to tell if something seems wrong
  • What not to do (e.g. don’t click on unknown links, don’t pay a ransom)
Hold a short training session once or twice a year. A 15-minute meeting with examples is often enough to build awareness.
6. Back Up What Matters
A good backup can save your business. Make sure:
  • Important files are backed up automatically—ideally both in the cloud and offline
  • You regularly test that the backup works
  • You know how long it would take to restore files
If your IT provider handles backups, ask them to explain the recovery process and timelines.
7. Know Your Legal and Insurance Requirements
If you handle customer data, especially personal or financial information, you may have legal obligations. In New Zealand, for example:
  • A serious privacy breach must be reported to the Office of the Privacy Commissioner
  • If you have cyber insurance, check what evidence or reporting is required to make a claim
Keep those contact details in your action plan.
8. Practice and Improve
Even small businesses should do a quick walk-through or role play of a cyber incident at least once a year. Ask:
  • What would we do if our email was hacked?
  • How would we tell customers if their data was stolen?
  • Who can help us?
After each review, update your plan with anything you learned.
Final Thoughts
Small businesses are not too small to be targeted—but you’re also not too small to be prepared.
Starting a basic cyber response and recovery plan takes just a few hours. It could save you days, weeks, or even your business if an incident hits. And most importantly, it gives you and your team confidence to act quickly and limit the damage.
Remember: You don’t need to do everything perfectly—just take the first step.
If you need help with starting your CIRRP, reach out to our team at Cyberplanz.

    Author

    Patrick – Founder of Cyberplanz | Business Strategist | Cyber Governance Advocate

    Patrick combines deep business experience, including an MBA, with up-to-date cybersecurity expertise, including certification as a PECB ISO/IEC 27001 Lead Implementer. He helps businesses grow while staying secure—bridging the gap between cybersecurity and real-world operations with clear, human-centric solutions. Passionate about culture, clarity, and resilience, Patrick champions the belief that cybersecurity is everyone’s business—not just IT’s.


Human-Centric Cyber Governance & AI Security for NZ Organisations

A Corna Consulting Company