Planning your response to a cyber security incident

We’re under attack
Someone, or something, gaining unauthorised access to your company’s information is a terrifying scenario, but it’s one we all need to plan for. You may wake up one morning to find all your company email addresses compromised, or your primary database available to download on the internet. However the attack takes place, your response to it will be defined but just how prepared you are for it. That’s why early alert systems and comprehensive monitoring programmes must be undertaken. 

Someone slipped up
A cyber security incident could also take on a less nefarious, albeit just as scary, form. Perhaps it’s a slip up on your social media channels, or a confidential email sent to the wrong person. No matter how the incident takes place, responding to it, acting on it, and doing what you can to prevent further similar incidents, is important. 

Incident response policies
Your company’s cyber security incident response policies must: 

  • Be framed in accordance with your business operations and objectives. 
  • Be based on real-world scenarios, and not just theoretical concerns.
  • Include a full risk assessment, that’s regularly revised in accordance with your industry needs, business requirements, and changing policies.
  • Identify key team members, stakeholders, service providers, and decision makers.
  • Define certain types of cyber security incidents, prioritising them in terms of potential threat to your business.
  • Include a full listing of assets, both physical and digital, to ensure your team can adequately and effectively monitor every asset.
  • Set out a hierarchy of information flow, that highlights who knows what first, who gets to hear about it second, and how they should respond. 
  • Include prepared public statements that can be revised, updated, or completed, on the fly.
  • Include a full incident log format, to be completed, analysed, and kept on file for future use. These are very useful for when you need to revise your plans and update them.

Knowing what to do
But having a set of cyber security incident response policies and procedures is not enough – you need to rehearse them too. Set aside some time to test procedures, and then reframe your policies in accordance with any changes or improvements you discover. Actively rehearsing scenarios will help to keep your business response-ready and in tune with its operations. 

Deploying the plan
Now that it’s set, and you’re feeling confident that your business is ready for anything, it’s time to deploy the plan. Deploying the plan will mean filtering it down into every aspect of your business, including every team member, service provider, and important stakeholders. Deployment should be done in a waterfall way, with each team member briefed on their role in the plan. Naturally, the Head of your IT department will have more to do with ensuring incident response mechanisms roll out quickly, when compared with your team of data capturers. Don’t, however, discount the importance of each team member’s role in your deployment – every cog counts.

Test and revise
Once you’ve created your company’s cyber security incident response policies and procedures, tested and deployed them, you’ll need to revise them. Effective cyber security management is not a once-off purchase or procedure: it must be a constant part of your operations. Gather your high-level implementers, management team, and decision makers, to report back on how your incident response plans have been operating. Where required, revise and update the plans as your business changes, industry adapts to new technologies, or as and when required. 

For help in creating and implementing an effective cyber security incident response plan, contact ProPrivacy.