Equifax faced criticism for how the company reacted to a hack that was announced in September 2017. When dealing with a cybersecurity event, a quick response is necessary to minimize damages from the event. Delays can cause continued interruptions in day-to-day business processes and the damage or loss of vital information; they can also make it harder to track down perpetrators and recover both data and money from them. To this end, most cybersecurity experts recommend that businesses put in place an incident response plan so that teams can act as quickly as possible after an incident instead of reacting with a frantic, disorganized frenzy of activity.
Why Incident Response Plans Are A Critical Procedure For Your Business
Incident response plans enable businesses to respond to crucial cyber security events faster by setting up systems to monitor and discover incidents as quickly as possible, designating individuals responsible for reacting to the incident, and laying out procedures for those individuals to follow in responding. They should involve input from all the different departments of your business affected by a cyber incident and ideally the creation of an incident response team, though that may depend on the size of your organization.
How To Create An Incident Response Plan
The first step in creating an incident response plan is building procedures for detecting cyber security incidents and assessing their severity. Employees should be empowered to escalate cyber security concerns to the appropriate levels when they observe concerning activity. Responses from that point must depend on the assessed severity level and getting the right information to the right people, both within and without the organization.
Key Players Should Be Interchangeable
Charlie E. Bernier, Principal Consultant and Cyber Insurance Expert at ECBM, advises that "A good incident response plan should also designate directly responsible individuals - team members who have specific responsibility for key security and response areas in the event of a cyber security incident." For example, one person may have the chief responsibility of gathering evidence as to how the breach happened. Another person may be designated as the chief external communicator - the person responsible for having appropriate conversations with law enforcement, third-party vendors, and cyber insurers.
Make It A Part Of Your Normal Business Procedures
Companies can also lay out manuals for how to respond to specific incidents and create step-by-step guides for mitigation procedures as part of their incident response plans. This may include implementing a strategy on how to respond to ransom demands or ransomware attacks; it can also involve seemingly simple, and therefore easy-to-overlook, response steps like changing company passwords. "These guides should also include notification procedures. For example: key contact information for law enforcement, a third party cyber forensics team, and the insurance company that issued the cyber insurance policy," adds Charlie.
The Benefits For Your Business
Responding quickly to cyber events can save a company millions of dollars. Preparing for these eventualities in advance is a great way to allow your company to respond quickly and save that money. Thinking through these procedures and having them laid out and explained to employees will put you in the best position to survive.