Planning your response to a cyber security incident
We’re under attack
Someone, or something, gaining unauthorised access to your company’s information is a terrifying scenario, but it’s one we all need to plan for. A cyber security incident may result in you waking up one morning to find all your company email addresses compromised, or your primary database available to download on the internet. However the attack takes place, your response to it will be defined but just how prepared you are for it. That’s why early alert systems and comprehensive monitoring programmes must be undertaken.
Someone slipped up
A cyber security incident could also take on a less nefarious, albeit just as scary, form. Perhaps it’s a slip up on your social media channels, or a confidential email sent to the wrong person. No matter how the incident takes place, responding to it, acting on it, and doing what you can to prevent further similar incidents, is important.
Incident response policies
Your company’s cyber security incident response policies must:
- Be framed in accordance with your business operations and objectives.
- Be based on real-world scenarios, and not just theoretical concerns.
- Include a full risk assessment, that’s regularly revised in accordance with your industry needs, business requirements, and changing policies.
- Identify key team members, stakeholders, service providers, and decision makers.
- Define certain types of cyber security incidents, prioritising them in terms of potential threat to your business.
- Include a full listing of assets, both physical and digital, to ensure your team can adequately and effectively monitor every asset.
- Set out a hierarchy of information flow, that highlights who knows what first, who gets to hear about it second, and how they should respond.
- Include prepared public statements that can be revised, updated, or completed, on the fly.
- Include a full incident log format, to be completed, analysed, and kept on file for future use. These are very useful for when you need to revise your plans and update them.
Knowing what to do for a cyber security incident.
But having a set of cyber security incident response policies and procedures is not enough – you need to rehearse them too. Set aside some time to test procedures, and then reframe your policies in accordance with any changes or improvements you discover. Actively rehearsing scenarios will help to keep your business response-ready and in tune with its operations.
Deploying the plan
Now that it’s set, and you’re feeling confident that your business is ready for anything, it’s time to deploy the plan. Deploying the plan will mean filtering it down into every aspect of your business, including every team member, service provider, and important stakeholders. Deployment should be done in a waterfall way, with each team member briefed on their role in the plan. Naturally, the Head of your IT department will have more to do with ensuring incident response mechanisms roll out quickly when compared with your team of data capturers. Don’t, however, discount the importance of each team member’s role in your deployment – every cog counts.
Test and revise
Once you’ve created your company’s cyber security incident response policies and procedures, tested and deployed them, you’ll need to revise them. Effective cyber security management is not a once-off purchase or procedure: it must be a constant part of your operations. Gather your high-level implementers, management team, and decision-makers, to report back on how your incident response plans have been operating. Where required, revise and update the plans as your business changes, industry adapts to new technologies, or as and when required.
For help in creating and implementing an effective cyber security incident response plan, contact ProPrivacy.
Philipa is the lead consultant and auditor at ProPrivacy. With clients as far afield as Canada, South Africa, Kenya, Germany, Spain and other such exotic locations, besides Cork and elsewhere in Ireland, Philipa enjoys a broad view of the state of data protection, privacy and cyber security worldwide. Philipa’s passion is manageable data compliance for SMEs.
Philipa is a qualified teacher besides holding a computer science (Bachelor of Science in Artificial Intelligence Programming) and electronic and intellectual property law (LLB) qualified. She is trained in constitutional (fundamental) rights litigation and enjoys a good debate.
Philipa has over twenty years of experience working in different sized organisations and sectors on operational, governance, risk management and compliance matters. She is an analytical and focused person that enjoys a challenge in the workplace. She loves technology, systems and people and has a passion for showing people how technology can make life easier and better. She understands that the world is driven by data today but privacy is paramount. Responsibly developed AI excites Philipa for the future.