No one expects to be attacked by cyber criminals. Whether you think your business is too small or your data is not worth hacking, there are many reasons why you could be a target.
That’s why you need a cyber incident response plan.
What is a cyber incident response plan?
It is a document that outlines how to respond and recover in the event of a cyber-attack, such as a data breach or ransomware.
It should allow any individual within your organisation to follow the steps to correctly respond to a cyber incident.
Five Things You Need in Your Cyber Incident Response Plan:
There’s a lot of information you could include in a cyber incident response plan. Whether you’re starting from scratch or looking to update yours, here are five key things you should include:
1) Roles and Responsibilities
Who are the main contacts in your organisation when a breach, or potential breach, is detected? Make sure you list more than one person in case someone is on leave or cannot be contacted.
Some cyber incident response plans include a hierarchy of who to contact. However you structure it, keep it clear so the right people can investigate as soon as possible.
It’s also worth including the contact details for external providers, such as your managed IT or cyber security provider (like us).
2) Identification and Logging
Gather as much information as possible to identify how serious the breach is, where it originated and whether it has spread.
Outline what tools you have available to detect threats, and what analysis is required. You also need a clear plan of how you are going to log information and where it will be stored.
3) Responding, Eradicating and Recovering
Once you have analysed the breach, it’s time to respond, eradicate and begin recovery. What does your process look like for this? What tools or support do you have in place to contain the incident and keep your business operating? This step should also include communication with stakeholders and possibly law enforcement.
4) Communication
Once you know you have the threat contained, you need to have a clear communication strategy in place. This should include how to inform internal teams, customers, partners, and regulatory bodies about the incident.
It may also include handling any media or press.
5) Post-Incident Review
Once the incident has been resolved, you should conduct a review to understand what happened, how it was handled, and what can be improved. This includes a review of your cyber incident response plan.
It’s important to keep your cyber incident response plan up to date. Regularly schedule time to make sure the information is correct and that you have accounted for any changes within the cyber threat landscape, as well as within your business.
You also need to ensure that the plan is accessible to all staff, even if they just need to refer to it for escalation purposes.
It’s better to be prepared and not need it, than to be mid-incident and unprepared.