IT Blog

Cyber Security

How to Create an Incident Response Plan

Incident Response Plan

We often discuss the proactive approach that you should take when it comes to cybersecurity.  Security risk assessments will identify the gaps, ongoing training will help to strengthen the human risk factor, and tools like Catch Phish will keep the team engaged and learning along with those training programs.  But the fact is, you can’t eliminate all the risks that your clients face when it comes to experiencing a data breach.  That means that having an incident response plan (IR) should be on your list of “must-haves” when it comes to smart cybersecurity. 

What is an Incident Response Plan?

The name says it all. If there’s an incident, how are you going to respond?  How will your clients respond? Don’t assume that they have a plan in place. You are the IT expert and trusted advisor and the first person that they will turn to when a cyberattack occurs.  And, according to recent statistics, there is a good chance that they will be one of the victims that is hit every 11 seconds.  And yes, it is likely to happen to a business regardless of size or industry.  

How Do I Create an Incident Response Plan?

The first thing to remember about creating an IR plan is that it is not a one-and-done event.  This is a “living” document that will need to be reviewed regularly and updated as changes occur to the business environment, including when there are adjustments to hardware and personnel. Going over your clients’ IR plan with them at their quarterly reviews is highly recommended. This will give you an opportunity to discuss any changes, including those that you may not have been made aware of, and it also strengthens your relationship with them as their trusted IT advisor. 

Identify key players within the client organization.  This may include their contacts outside of the business such as a PR firm, insurance agent, or legal team that they already work with.  If they don’t have these individuals defined, have a list of people at the ready for when you need them.  And it is very likely that you will need them.  Scrambling to find help only worsens a crisis. 

For all critical roles, identify who the person is, list out all of their contact information, and then identify who the backup would be for that person.  The impact of a breach will be felt immediately by the person answering the phone.  Define for them what they should or should not say if a breach occurs.  Prepared scripts can be very helpful. 

Appearing unprepared to handle the crisis at hand can cause more damage to undo, so readying the team for any call or email which lands on their desk is going to serve the entire team well in the long run.

Preparation is Key

You can’t prepare for the exact scenario that you will face in the event of a cyberattack, but you can prepare for how you will react to the unknown.  Give your clients a copy of the plan, ask that every employee acknowledge it – even reviewing it together can be a team-building exercise with a lasting impact!  And have a one-page “do this immediately” list for each employee to keep at their desk should a breach occur. 

As you build the process for this “fire drill” for your clients, ensure that you have your own plan in place for your business.  Breach Secure Now Partners get access to a written Security Incident Response Policy, as well as templates for creating an Incident Response Team, and more! Contact us today for help with how to strategize with your clients for a smart and strong cybersecurity posture.

The post How to Create an Incident Response Plan appeared first on Breach Secure Now!.