When the inevitable happens, respond effectively and recover quickly with a well-thought-out incident response plan.
In the event of a destructive attack, data breach, ransomware demand, or accidental data loss, time is of the essence. Having a formalized, tested incident response plan makes all the difference.
“You’re formulating a course of action for how you’ll respond to things that may or may not happen,” says Ryan Weston, Chief Information Security Officer at ACS.
The incident response plan should be part of your company’s overall Business Continuity or Disaster Recovery Plan. Take these steps to ensure your plan has key stakeholder support and can easily be implemented in times of disaster.
1. Gain buy-in from the top
The company’s chief executives and board of directors need to be in agreement with your plan. It’s likely you’ll hire outside resources such as vendors or legal counsel to assist in an emergency. Those who write the checks will need to know this beforehand. You’ll also want their support when it comes time to gain consensus from other departments and employees.
2. Identify key personnel or partners
Make a list of individuals who will be key to implementing your plan. This includes legal counsel, finance officers and representatives from human resources, public relations and marketing, information technology, operations, and customer services departments.
3. Create a plan
The plan will include specific details such as what constitutes an incident. A good way to gauge if something is an incident is to consider how business would be interrupted or disrupted and set thresholds.
Each company has to define what an incident is to them. Some may consider logging into a firewall an incident. Others may not consider it an incident until something has been stolen or a system has been breached.
Some situations may not be severe enough to implement the incident response plan and can be handled by another policy or procedure.
The plan also defines the high-level people or positions who will be involved. It also includes assigning jobs and responsibilities to those who will respond when an incident occurs. This will help you determine where there is a gap in skills and when and in what areas outside assistance will be required.
Your plan will need to include information about how the team will communicate with one another and the tools they’ll need.
4. Document and communicate
You’ll need to keep copies of your plan both on- and off-site, including an electronic copy that is readily accessible and physical copies that are stored in several locations. Electronic and paper copies should be given to stakeholders, those who will respond and take action, and any outside vendors or experts who will be retained if the plan is executed.
5. Test, adjust and retest
Role-play with those involved and create potential incidents in which they would be required to implement the plan. Evaluate how well the plan was executed and how well it resolved the issues. Make adjustments as needed and then retest the plan. Weston recommends testing a couple of scenarios, from a small-scale issue to a large disaster.
Assess your plan at least once a year, if not quarterly, depending upon your industry. Add new processes and critical operations as your business evolves, as employees leave and as positions change.
If you’re unsure whether your plan meets these requirements, or if the thought of all of this makes your head spin, a third-party technology services provider can help review your plan or help you create a custom plan that will ensure it follows industry standards and best practices.