Today we’re going to tell you the basic steps required for an effective tabletop exercise, but first you need to know exactly what one is. A tabletop exercise is a discussion-based exercise that is officially recognized by the United States Government as a key tool for cybersecurity, and in particular for your incident response plan. It helps you evaluate how prepared you are and identify the key areas of risk in your business, so you can get a better idea of what security training and planning is required next.

What is a Tabletop Exercise?

To put it simply, a tabletop exercise is when a team comes together to discuss what would happen if a cybersecurity emergency occurred in their business. They are usually done in an informal setting, sometimes based in a classroom, where employees will talk about a specific emergency scenario that could occur in their business. Performing a tabletop exercise is a type of security training for employees, and it allows each person to develop a full understanding of what their role is if a cybersecurity emergency occurs.

If you are hoping to gain a quality incident response plan from your security training, then planning ahead is required. We find you get the best results when everyone involved knows exactly what is expected of them and feels relaxed enough to share their ideas and thoughts in an open environment. Some steps you can take towards a productive tabletop exercise include:

  1. Define your main goal and choose a scenario that suits it. What do you want your employees to gain from the tabletop exercise? Perhaps you want them to know what to do if there is a data breach, or you’d like them to know what to do if they think someone has accessed their emails. Once you have defined a goal, you need to come up with a realistic scenario for them to work through in the exercise. It should be tailored to your company: there is no point in performing an exact copy of a tabletop exercise done by another company, because each business has unique needs and goals.
  2. Set up the exercise. Inform all staff that will be involved what the exercise is and most importantly, tell them the goal of the exercise. We highly recommend bringing in a cybersecurity professional to help facilitate and evaluate the session. They can help run an effective session and provide you with feedback that will further improve your incident response plan.
  3. Evaluate your results. The main question to ask is ‘Do we now have a clear incident response plan for the chosen scenario?’ The real test of your security training is whether each employee involved now has a clear idea of what to do if the emergency scenario occurs. After your tabletop exercise, employees should know exactly who to report to and what steps to take.

What are the Benefits?

Creating an incident response plan using tabletop exercises is beneficial for a number of reasons. Studies have shown that up to 50% of data loss incidents were due to human error (Source: Netwrix), including employees not knowing what to do when cyber attacks occur. This shows that having an unclear incident response plan can end up costing businesses money, data and reputation. Performing a tabletop exercise means each employee should have a clearly defined role in an emergency; this gives people the confidence to react faster to a potential threat, and the knowledge to make the right choice.

Additionally, tabletop exercises allow for some highly beneficial security training and team building for employees. In January 2020 an estimated 43% of small and medium businesses lacked any kind of cybersecurity defence plan (Source: BullGuard), and with the risk of cyber attacks consistently increasing, it is time to put your incident response plan in place. Giving employees an opportunity to openly discuss and think about their cybersecurity can uncover problems and weaknesses before a hacker or scammer does.

At Euclid Security we offer high quality security training for employees, which includes simulated phishing and tabletop exercises. We are experts in cybersecurity who offer our services worldwide, and we can help you whether you need someone to simply supervise your tabletop exercise or to create the entire scenario from start to finish to enhance your incident response planning. All of our services are available remotely, so don’t let the COVID-19 pandemic prevent you from getting in touch and fortifying your company’s cybersecurity.