When your company experiences any type of disruption, you need to know that you can restore operations quickly and efficiently. Here’s what you need to know to plan for the worst.
From data breaches to unexpected work from home situations, 2020 is starting off with a bang. Companies are struggling to ensure that they have the resources in place to continue operations regardless of the situation.
Remote access is a significant challenge from an operational perspective, but there are also security considerations for cloud-based data and business applications. From protecting your customer information to providing ongoing access to critical business systems and customer support, having a workable incident response plan can be the only thing standing between your organization the disaster.
James Forbis runs one of the top tech companies in Cincinnati (4BIS.COM) and shares his insights into why organizations need a robust incident response plan.
Reducing the Impact of a Data Breach or Other Disaster
Over the past few years, the cost of a cybersecurity event such as a data breach has increased exponentially, with a single lost record costing organizations upwards of $150 per incident. When you consider that the average data breach results in tens of thousands if not millions of lost records, it’s easy to see how damaging these situations can be for an organization.
Having a proactive incident response plan in place allows you to systematically work through the various stages of an incident, providing proactive communication and solutions during each phase. This documented, written plan is often broken into six distinct phases, providing your organization with the framework needed to kick-start operations and continue revenue-generating activities.
How to Create an Incident Response Plan for Your Company
It’s virtually impossible to plan for every potential scenario that your company could be facing, which is why an incident response is considered a process — not simply an isolated event. This strategic framework provides your teams with an organized and coordinated approach to incidents, allowing your company to respond more quickly.
While all employees in your organization should have a solid overview of cybersecurity, your incident response team is a small fraction of high-level executives from the business, technology and audit teams that are well-versed in the issues surrounding security for your company.
Your incident response plan should include:
- Often considered the most crucial phase, you’ll work together to create a well-documented strategy that outlines the roles and responsibilities of various team members. Included should be your incident response drill scenarios, the timing for mock data breaches, approval and funding for all aspects of your incident response plan including training, execution, hardware and software resources.
- Understanding more about the breach event begins in the Identification phase, capturing where and how the breach was detected, the impacted areas of the organization, the scope of the compromise and identifying the source of the event, if possible.
- Your first instinct may be to immediately delete any deleterious software, but the best option is actually to create a walled garden around the breach. Deleting any information can make it more difficult to track the point of egress at a later date, reducing the possibility that you can remediate the core security failure that caused the breach. In the containment phase, having a robust backup and disaster recovery procedure in place is vital as you may need to disconnect affected systems from the broader network infrastructure.
- You’ve identified the issue and contained the situation, at least for now. The next phase of your incident response plan includes how to eradicate the root cause of the breach. This requires a firm understanding of the breach as well as the activities required to harden systems, update patches and remove any malware or artifacts.
- Are your systems ready to be returned to production or restored from a trusted backup? In the recovery phase, your business systems are slowly coming back online — but only after thorough testing and the assurance that all traces of malware or breach entry points have been eliminated.
- Lessons Learned. A comprehensive retrospective after an event provides the ideal opportunity to review your incident response strategies with an eye towards making necessary changes. Identifying if certain classes of employees need additional training, any system or security changes and new procedures should be added to your revised incident response plan.
There is never a good time for a cybersecurity incident or disaster. Knowing that your organization has an incident response plan in place provides a higher confidence level that you will be able to retain operations in the face of overwhelming odds.
If you aren’t confident that your internal IT and business resources will have the time required to craft an incident response plan, work with your local IT services provider or consultants to ensure you have access to recommendations from top security and disaster response professionals.
Interesting related article: “What is Cybersecurity?“