Tabletop-drill your incident plan.
You don't know if your incident plan works until you test it. A tabletop exercise costs two hours and saves weeks during a real event.
Every business we work with that survived a ransomware event had one thing in common: they'd practiced the response before they needed it. A tabletop exercise is basically a fire drill for cyber incidents — cheap, fast, and the single most effective way to find the gaps in your plan before reality finds them for you.
What a tabletop actually is
You gather the relevant people — owner, IT lead, finance, operations, maybe an attorney — and walk through a realistic scenario together. No actual systems get touched. You talk through who does what, who calls who, what you'd decide. When someone says "I'd call the insurance company," someone else asks "do you have the number?" and you find out right there whether you do.
The gaps tabletops surface
“A small firm's first tabletop revealed no one had the cyber insurance policy number memorized, and the HR lead had the only copy on her personal laptop.”
Red flag: Six months later, a real incident hit at 8 PM. HR was on vacation. Fixing it ahead of time saved hours during the real call.
“A medical practice tabletop exposed that only the owner could authorize the shutdown of the EHR, but nobody knew where the emergency paper records were stored.”
Red flag: Cost them nothing to discover this during the drill. Would have cost them patient care during a real event.
How to run one
- Pick one scenario — ransomware on a Friday night, BEC wire fraud, stolen laptop, employee leaks data.
- Invite the people who'd actually be involved. Two hours is enough.
- Walk through minute-by-minute: "it's now 8:15 PM, the file server is encrypted, what do you do next?"
- Have someone take notes on where decisions stalled or info was missing.
- After the exercise, assign owners to fix each gap within 30 days.
We facilitate tabletops.
We run a two-hour facilitated tabletop for our clients that usually finds 8-12 real gaps. Small investment, big payoff.
1. Schedule your first tabletop this quarter. Two hours on a Tuesday afternoon is plenty.
2. Pick a scenario that matches your biggest concern — ransomware, BEC, breach notification.
3. Include everyone who'd actually be involved — leadership, IT, finance, HR, legal.
4. Document gaps and assign owners to fix each within 30 days.
5. Rerun every 6-12 months — threats change and people change roles.