Incident response plans are a critical part of any business’s information security program. We know that it’s important for employees to care about cybersecurity, but do they know what to do if an incident occurs?
What counts as an “incident”?
An incident doesn’t have to be a full-blown breach. Anything that raises a red flag should be treated as an incident and reported. For example:
- An unexpected email asking for passwords or other personal information
- Passwords suddenly not working
- A sudden influx of pop-up ads
- No longer being able to access data files
- A computer that keeps crashing
Your incident response plan may overlap with your Disaster Recovery Plan. In fact, you may want to review and update both policies at the same time.
If your company has clients that care about security, expect questions about both of these policies on a vendor security assessment questionnaire.
How to set up a response plan
Your incident response plan sets out the steps to take at every stage of a cybersecurity incident, from first detection to the closing review.
Step 1: Prepare for an incident by developing policies and procedures, and train employees to recognize potential threats and know how to report them.
Step 2: Detect the threat. Set up monitoring and alerting, run regular vulnerability scans, and schedule penetration tests; most businesses schedule pen tests at least annually. Monitoring is what catches an incident in progress; scans and pen tests find weaknesses before an attacker does.
Step 3: Evaluate the threat level and its impact on your business. Know what is at risk and what the consequences are if the issue isn’t resolved quickly, so the response can be prioritized.
Step 4: Respond to the threat and limit further damage by isolating affected systems. Preserve evidence (logs, and disk or memory images where possible) before rebuilding anything, so you can later work out how the attacker got in.
Step 5: Review the incident response process and determine what your team could do differently to prevent a repeat. One incident is bad enough; you don’t want to repeat the same mistakes.
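To make steps 2 to 4 concrete, here is an added example (not code from the original post) of a small triage script: it applies a few detection rules to constructed log lines that mirror the red flags listed above (repeated login failures, data files no longer accessible, repeated crashes), rates each finding by indicator weight times asset criticality, and maps the rating to a containment action. The log format, thresholds, asset criticality table and severity scale are all assumptions chosen for the example; a real deployment would take these from your monitoring platform and asset inventory.

```python
"""Minimal incident triage for the plan above: detect (step 2), evaluate (step 3),
respond (step 4). All sample data, thresholds and weights are assumptions."""
from collections import Counter
from dataclasses import dataclass
import re

# Constructed sample log lines in an assumed "timestamp key=value ..." format.
SAMPLE_LOGS = [
    "2024-05-01T09:00:01 host=ws-17 user=alice event=login_failed",
    "2024-05-01T09:00:03 host=ws-17 user=alice event=login_failed",
    "2024-05-01T09:00:05 host=ws-17 user=alice event=login_failed",
    "2024-05-01T09:00:07 host=ws-17 user=alice event=login_failed",
    "2024-05-01T09:00:09 host=ws-17 user=alice event=login_failed",
    "2024-05-01T09:01:00 host=fs-01 event=file_access_denied path=/shares/finance/q1.xlsx",
    "2024-05-01T09:01:02 host=fs-01 event=file_renamed path=/shares/finance/q1.xlsx.locked",
    "2024-05-01T09:02:00 host=ws-22 event=app_crash proc=outlook.exe",
    "2024-05-01T09:03:00 host=ws-22 event=app_crash proc=outlook.exe",
    "2024-05-01T09:10:00 host=ws-05 user=bob event=login_ok",
]

KV_RE = re.compile(r"(\w+)=(\S+)")

# Assumed detection thresholds.
LOGIN_FAIL_THRESHOLD = 5   # "passwords suddenly not working"
CRASH_THRESHOLD = 2        # "computer keeps crashing"

# Assumed asset criticality: the file server matters more than a workstation.
ASSET_CRITICALITY = {"fs-01": 3, "ws-17": 2, "ws-22": 1, "ws-05": 1}

# Assumed indicator weights for the three red flags this script looks for.
INDICATOR_WEIGHT = {
    "passwords_not_working": 2,
    "repeated_crashes": 1,
    "data_files_inaccessible": 3,
}

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Incident:
    host: str
    indicator: str
    evidence: int          # number of matching events
    severity: str = ""
    action: str = ""


def parse_line(line):
    """Split 'ts key=value ...' into a dict; the first token is the timestamp."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["ts"] = ts
    return fields


def detect(lines):
    """Step 2: count events per host and raise one Incident per host and indicator."""
    login_fail, crashes, file_blocks = Counter(), Counter(), Counter()
    for e in (parse_line(l) for l in lines):
        ev = e.get("event")
        if ev == "login_failed":
            login_fail[e["host"]] += 1
        elif ev == "app_crash":
            crashes[e["host"]] += 1
        elif ev in ("file_access_denied", "file_renamed"):
            file_blocks[e["host"]] += 1
    incidents = []
    incidents += [Incident(h, "passwords_not_working", n)
                  for h, n in login_fail.items() if n >= LOGIN_FAIL_THRESHOLD]
    incidents += [Incident(h, "repeated_crashes", n)
                  for h, n in crashes.items() if n >= CRASH_THRESHOLD]
    incidents += [Incident(h, "data_files_inaccessible", n)
                  for h, n in file_blocks.items() if n >= 1]
    return incidents


def assess(inc):
    """Step 3: severity = indicator weight x asset criticality (assumed scale)."""
    score = INDICATOR_WEIGHT[inc.indicator] * ASSET_CRITICALITY.get(inc.host, 1)
    inc.severity = "high" if score >= 6 else "medium" if score >= 3 else "low"
    return inc.severity


def respond(inc):
    """Step 4: map severity to a containment action; high means isolate the host."""
    inc.action = {
        "high": f"isolate {inc.host} from the network and preserve disk and memory",
        "medium": f"lock affected accounts on {inc.host} and collect logs",
        "low": f"monitor {inc.host} and open a ticket",
    }[inc.severity]
    return inc.action


def triage(lines):
    """Run detect -> assess -> respond and return incidents, most severe first."""
    incidents = detect(lines)
    for inc in incidents:
        assess(inc)
        respond(inc)
    return sorted(incidents, key=lambda i: SEVERITY_ORDER[i.severity])


if __name__ == "__main__":
    for inc in triage(SAMPLE_LOGS):
        print(f"{inc.severity:6} {inc.host:6} {inc.indicator:24} x{inc.evidence}  -> {inc.action}")
```

The point of the scoring step is that the same signal means different things on different assets: five failed logins on a workstation rates medium here, while two blocked or renamed files on the finance share rates high and triggers isolation. Tune the tables to your own environment rather than keeping the assumed values.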
Your company’s Security Team should keep up-to-date resources for cybersecurity incidents, and every employee should know where to find them and whom to contact. A stronger team means a stronger cybersecurity defense.
Do you have a policy and plan in place for responding to security incidents?