It is often said that experiencing a cyberattack is a matter of “when,” not “if.” How can your company prepare for something that can adversely affect it? According to CompTIA’s article, an Incident Response Plan (IRP) can help you think ahead and have a plan in place when an incident occurs. Read on to learn more about preparing and protecting your company from current and future threats.
Incident Response Plans Defined
An Incident Response Plan is what it sounds like: a plan to respond to a cyber attack incident and mitigate the damage. An effective plan is a “combination of people, process and technology that is documented, tested and trained toward in the event of a security breach.” Its purpose is to mitigate damage (data and money loss) and restore operations. The National Institute of Standards and Technology (NIST) sets forth a few models for your plan: it can be handled by a central Cyber Security Incident Response Team (CSIRT), distributed among multiple response teams for locations or departments, or coordinated by a central body that relays response plans to affected teams. While plans contain four phases, the first one, preparation, can help prevent a lot of damage.
Steps in the Incident Response Plan
Does everyone in your company know what to do first when a cyber attack hits? Do they know whether to power off their computers, and how soon they can resume work? What will managers do? Does your marketing team know who to communicate with, and when? These are just a few of the questions to address when considering your plan. Often the first step is mitigation, and your staff should know what to do. Whether you need to report data loss or remediate ransomware, it is important to be prepared.
Communicating about the incident is another aspect of the plan; determining when to communicate, who will communicate and how to communicate should be considered in advance for likely scenarios. Having communications templates at hand may shorten the response time and ensure your message is on point. Knowing who is responsible for communications can free up valuable technical resources that may be focused on remediation vs. response.
Practicing Your Plan
If experience is the best teacher, how does a company gain experience short of a cyber attack? With “wargaming,” the incident response team can take employees through all stages of the response plan by staging a mock attack (a ransomware attack, for example). To start with, everyone should know what to do first when facing a threat. An important part of this testing is analyzing your company’s response: what went right and what needs improvement.
Having a well-drafted, tested plan in place goes far toward mitigating the damage from a cyber attack. For assistance in developing your plan, contact us today.