Your Thanksgiving table is set: turkey, stuffing, and all the fixings. After many years of experience, you know to expect the unexpected and are as prepared as can be. Surprise visit from cousin Ned who only drinks aged brandy? You’ve got his favorite bottle tucked away just in case!
In business, we set the table for strong cybersecurity by having multiple layers of ongoing defense. But what we don’t always plan for is the end-of-day cleanup: in the unfortunate case of a breach or incident, how does the company respond?
Why Incident Response?
We do our best to protect ourselves; however, the reality is that there is no such thing as 100% security. Preparing an Incident Response Plan provides guidance and helps to avoid confusion or panic over “What do we do next?”
An Incident Response Plan is an essential component of cybersecurity and should include step-by-step instructions detailing:
- How to prepare for and identify a cyber incident
- What specific steps need to be taken for each kind of incident
- Timeline and workflow of the incident response process
- Who on the team takes responsibility for what
Not only does this decrease confusion in the aftermath of an already stressful situation, it also mitigates expense. The longer it takes to contain a breach, the higher the costs, especially considering indirect costs such as business downtime and reputational harm. On average, it takes a business 69 days to recover from a data breach – and that’s after the incident is identified.
Give Thanks for Your Team
While cleanup from a cyberattack might start with IT, involvement quickly spreads across and outside of the organization, because responding to an incident requires more than just technical mitigation.
An important part of the plan is the Incident Response Team: a list of key contacts who are responsible for handling components of the response. For example, a few team members who should be listed on the plan are:
- Cybersecurity leader to identify the incident and manage the incident response
- Business leader to assist in classification and manage reputational and business needs
- Communications leader to coordinate incident disclosure
- Lawyer to advise on legal implications
- Insurance provider to contact for the insurance claim
- Local police and FBI for reporting some kinds of incidents
It’s one thing to develop an Incident Response Plan, and that’s certainly a great place to start. But if you can’t find it or it’s not updated, it won’t do you any good. As your business and cybersecurity threats evolve, so should your plan. It’s recommended to review your plan at least once per year, or whenever there is a key change in personnel or procedure.
Your Incident Response Plan is more than just a document: it’s an actionable and crucial company policy that merits high priority. Take some time to build (or update) yours – you’ll be thankful that you did!
Your Friends @ Defendify