Incident Response Planning
There’s nothing more critical in cyberspace right now than security. With offices shifting from skyscrapers to the home, doors that were initially closed to cybercriminals are now wide open. Employees everywhere are accessing and submitting sensitive data on their home devices and VPNs. For this reason, and many more, having an Incident Response Plan in the hands and minds of your business leaders is crucial.
Most people think of the IT team as solely responsible for cybersecurity. Many security services indeed rely on technology, but we can’t forget about the people and process side as well: the training you require your staff to attend, how much you weigh a vendor’s cybersecurity capabilities in your vendor selection process, and the business decisions you make when you are subject to a cyberattack.
The collective business decisions you need to make during and following a cyberattack are known as an Incident Response Plan. While your IT Team can manage the Disaster Recovery Plan to get your systems back up and running, the Incident Response Plan is the Business Leaders’ responsibility to architect and execute. This includes decisions like: Do we pay the ransom? What do I disclose to my customers/members/donors? Will we report this to law enforcement? These are questions that only you can answer.
It’s integral to establish this plan before a security breach forces you to act without preparation. Crafting (and practicing) an Incident Response Plan in advance will help you mitigate the worst risks from a cyberattack such as financial losses, legal and regulatory fines, and your organization’s reputation.
- Document all stakeholders that need to participate in this process
- Establish chains of communication between stakeholders and define communication-centric roles and responsibilities
- Communicate cybersecurity expectations to every level of your business
- Create data and financial assets inventories
- Prepare customized playbooks addressing specific cybercriminal incidents, including financial fraud, unauthorized financial institution access, and extortions/ransomware
- Provide instructions and best practices on filing a Cybersecurity Insurance Claim and dealing with both Insurance Carriers and Insurance Brokers
- Provide education on the best practices related to investing in preserving evidence and computer forensics
- Create and conduct regular War Room Exercises with key stakeholders and leaders
- Prepare your accounting department to make a ransom payment via cryptocurrency, should the situation warrant
- Provide thorough Incident Response Plan documents, including revisions and version control
The success of all involved in your company hangs on your preparation for security breaches. Implementing an Incident Response Plan brings you closer to ensuring your business’s safety and functionality.