Incident Response: Are Your Employees Prepared? September 22 2017 An Incident Response Plan has many components, and each section plays a significant role in recovering from a disaster. But all of these components mean nothing if your employees don’t understand or know the plan. Educating your employees on the policies of the Incident Response Plan is just as important as the policies themselves. Without a proper internal communication strategy in place to educate employees on the Incident Response Plan, disjointed communications can seep out of your organization and further tarnish its reputation. Educating your employees doesn’t mean training a select few, it means being transparent across the entire organization. You need to make sure that teams involving the roles of sales, PR, legal, HR, etc. are involved too. Weak communication of the Incident Response Plan to certain teams in your organization exacerbate the problem. Take, for example, this tweet posted by Equifax 24 hours after the breach was exposed. The Social Media team at Equifax most likely forgot that this post had been scheduled. Once the tweet sent, Twitter followers were quick to reply calling it “inappropriate” and “in poor taste.” A well-constructed Incident Response Plan could have instructed the Social media teams to cancel or review all scheduled posts. Instead, Equifax added fuel to the fire with an ill-timed tweet. In addition to the tweet above, the Equifax Customer Service team provided people with an incorrect URL to determine their risk level for ten days. Unfortunately, the link they provided led to a phishing site. Fortunately for those users, the phishing site was supposedly created by a developer who did it to highlight Equifax’s lackadaisical approach to security. Another misstep for Equifax in their response to the breach occurred when its legal team included a clause on the aforementioned site stating that if a person used the site to determine their level of risk, they then absolved the right to pursue litigation. This clause has since been removed, and Equifax has stated anyone who used the site may indeed participate in legal action if they choose to do so. Equifax has continued to make critical errors throughout their response to the incident which only increases the level of public distrust. Your Incident Response Plan should not only help put out the fire, it should also help you contain it, while you gather the resources necessary to extinguish it. And if your team does not know where these resources are, or how they work, the fire will continue to grow. Knowing your responsibilities when disaster strikes is an integral part of the Incident Response Plan, and it is important to remember that your Incident Response Plan is only as strong as its weakest link.