Try this first
- 1Pick a scenario that matches your risk. For most SMBs that is ransomware on the file server, BEC with an IBAN swap, or a data breach via lost laptop. Not all three at once.
- 2Write the scenario as a 4-hour timeline: minute 0 (first signal), minute 30 (first recovery attempt), hour 1 (external call needed), hour 2 (customer or board pressure), hour 3 (decision point).
- 3Play it around a table. Someone reads the scenario, the three participants react as they would in reality. No tech executed, just describe who does what.
- 4Keep a list of gaps. We do not know who calls cyber insurance. Our backups are on the same share. We have no second MFA account. That is the harvest, not the drill itself.
- 5Right after the tabletop: five action items on a sheet, with date and owner. Fewer than five is too soft, more than five and you will not finish in a quarter.
When to bring us in
If after the tabletop you cannot tell whether your approach is realistic, ask someone with IR experience to sit in for 90 minutes. An outside voice often sees in 10 minutes what you miss in 10 drills.
See also
- I think I clicked a phishing linkNo shame, happens to everyone. The next fifteen minutes matter.
- A colleague's account is acting strangelySending mail in their name, rules hiding folders, unusual sign-ins. Suspicious.
- Lost the MFA app: new phone, no backup codesClassic problem after a phone upgrade. You are not the first to be locked out.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.