How to Create an Incident Response Plan

We often discuss the proactive approach that you should take when it comes to cybersecurity. Cybersecurity risk assessments help identify the gaps, ongoing training helps strengthen the human risk factor, and tools to keep the team engaged and learning help reinforce those training programs.  But the fact is, you can’t eliminate all the risks that your business faces when it comes to experiencing a data breach.  That means that having an incident response plan (IR) should be on your list of “must-haves” when it comes to smart cybersecurity.

What is an Incident Response Plan?

The name says it all. If there’s an incident, how are you going to respond?  How will your staff respond? Don’t assume that your company has a plan in place. You along with your IT partner need to be prepared to handle cyberattacks, should they occur.  And, according to recent statistics, a victim that is hit every 11 seconds, making it highly likely that a cyber incident will occur. And yes, it is likely to happen to a business regardless of size or industry.

How Do I Create an Incident Response Plan?

The first thing to remember about creating an IR plan is that it is not a one-and-done event.  This is a “living” document that will need to be reviewed regularly and updated as changes occur to your business environment, including when there are adjustments to hardware and personnel. Going over the IR plan with your IT partner at your quarterly reviews is highly recommended. This will give you an opportunity to discuss any changes, including those that you may not have been made aware of, and it also strengthens your relationship with them as your trusted IT advisor.

Identify key players within your organization.  This may include contacts outside of the business such as a PR firm, insurance agent, or legal team that you already work with.  It’s important to have a list of people at the ready for when you need them.  And it is very likely that you will need them.  Scrambling to find help only worsens a crisis.

For all critical roles, identify who that person is, list out all of their contact information, and then identify who the backup would be for that person.  The impact of a breach will be felt immediately by the person answering the phone.  Define for them what they should or should not say if a breach occurs.  Prepared scripts can be very helpful.

Appearing unprepared to handle the crisis at hand can cause more damage to undo, so readying your team for any call or email which lands on their desk is going to serve the entire team well in the long run.

Preparation is Key

You can’t prepare for the exact scenario that you will face in the event of a cyberattack, but you can prepare for how you will react to the unknown.  Keep a copy of the plan and ask that every employee acknowledge it – even reviewing it together can be a team-building exercise with a lasting impact!  And each empoyee should have  a one-page “do this immediately” list to keep at their desk should a breach occur.

Contact us today for help in building a smart and strong cybersecurity posture for your business.

Incident Response Plan – Step 1

Incident Response Plan – Steps 2 and 3

Incident Response Plan – Steps 4 and 5

Knowledge is Power!

Sign Up to Receive Our FREE “Cyber Security Tip of the Week”

No Catch. No Obligation. Just week after week of timely tips to keep you one step ahead of hackers.