Small Business: When was your Last Tabletop Exercise?

By Elvis Huff on March 1, 2019
4 minute read

It may sound like a new yoga workout for the office, but a tabletop exercise is a non-intrusive discussion where your business’s key players are presented with a hacking scenario, and they step through what would be done and who would be called to mitigate the risk.

Identify weaknesses

A tabletop exercise has one primary goal: identify weaknesses. Since these are exercises and no actual hacking of systems is involved, you can rest easy while exploring just how effective your team is at defending your business from cyber threats. What you discover may surprise you.

Who should attend?

Key stakeholders in your business should attend the exercise. You should have representation from all critical areas: IT, accounting, HR, legal, etc. If your businesses has only a few employees, and you cover all of these roles, consider bringing in your IT support vendor and lawyer to discuss these topics. It will be time well spent.

How to host a tabletop exercise

Ask around, and your IT vendor, insurance carrier and bank may have ideas and suggestions. Consider researching online for some ideas. Be cautious of sales pitches, though; you want a true learning experience, not another slide deck of sales materials.

Depending on your area of business, there are different ISAC’s (Information Sharing and Analysis Centers) for a given industry. For example, there is a real estate ISAC, legal ISAC, financial ISAC – you get the idea. These centers have plenty of scenarios ready to go for you – all you have to do is schedule everyone to be there.

Be prepared to work

Bring a brand new notepad with you to the exercise. You’ll come away with several action items. This is not another meeting to just “sit in and observe.” A good tabletop is designed to make everyone think and explore how they would react given a scenario. Just remember, it is a training exercise, so attack the problem, not the scenario.

Call us – we can help

If you’re interested but unsure, please visit us in person at any one of our convenient WBT locations, online at or call us at 615-444-BANK (2265) and ask for me.  I’d be glad to point you in the right direction.

Have another thought, tip or suggestion? Leave it in the comments below. I would love to hear from you!

Posted by Elvis Huff

Elvis Huff worked as an officer and network administrator for 12 years with the Lebanon Police Department and has also served as an adjunct professor in information systems at Cumberland University. Read More »


  1. Mary Ann Rothman March 6, 2019 at 12:05 am

    Do you have any recommendations, free or paid apps, for anti-virus/malware for a MacBook Air? Also is there a good website that posts current virus’, malware attacks, and security vulnerabilities?


  2. Hey Mary Ann! Antivirus, now also called endpoint protection, is needed on Mac’s too as you pointed out. Any mainstream product does well. I would check out NSS Labs and Gartner’s magic quadrant for independent ratings and make a choice from there. Any of the mainstream products will do you well – it all depends on price and feature-set. Check the reviews here – &

    Two good sites, in addition to this one 🙂 to check out for news on latest cybersecurity articles are US CERT ( & The Hacker News (


Leave a reply

Your email address will not be published.