Potentialy, all companies can face IT incidents (attacks, stolen data or material, disasters, …). Unfortunately, they cannot react in the same way: Compared to the small business, big companies are able to dedicate more resources to incident handling. Worst, in case of incidents, smallest organizations will suffer a lot more!
That’s why, whatever your organization size, you need to set up procedures to handle security incidents.
A new document is available in the SANS Reading Room which covers this hot topic: Security Incident Handling in Small Organizations. Even if your resources are limited, try to follow the following rules:
- Implement a security policy
- Protect the company assets
- Define an Internet usage policy
If your resources are really limited, focus on the critical applications. Perform an assessment and set priorities. Finally, keep up regular trainings. All these topics are covered in the SANS document.