A crucial aspect of security many businesses lack is an Incident Response Plan. What will be your organization’s reaction to a technical system failure, reputation-damaging social media moment, or data leak? Once a problem has been detected, there needs to be a protocol to follow. Protect your company as much as possible from liability while doing damage control to preserve your brand’s reputation.

Many people find that the process of planning for a problem brings underlying issues forward. They are more aware of how their technical systems work and where the potential issues are. Asking the hard questions is key to understanding how secure your organization is.

Below are areas which are crucial to any Incident Response Plan.

Structure

When an organization suffers a security breach, social media drama, or any technical failure there is going to be a lot of blame flying around. You must have a recognized hierarchy and reporting system which places an emphasis on accountability and efficient problem solving. Everyone will be under pressure and it is essential that emotions don’t get in the way.

Cooperation is critical because there must be input from Legal, HR, IT, Marketing and any other affected disciplines. Know ahead of time which questions will need to be asked, and which solutions are going to be possible.

Key Questions

• Who are the representatives from each department going to be?
• What information is each representative responsible for covering?
• Who is going to handle communication with internal and external stakeholders?

Understand Legal Implications

The time to assess your organization’s potential for legal liability is before you have a problem. The scary “What if” questions need to be a part of every business decision, especially those involving technology. Data centers, email accounts, and your social media are all target-rich environments for attackers.

Data

• What data do you store on: employees, customers, intellectual property, etc.?
• If your data was stolen, what harm could be done to the organization?
• What would that cost to address?

Social Media

• What is your social media reach? (How big is your audience?)
• Which employees have access to the company’s social media accounts? Who has publishing permissions?
• What damage could a malicious employee do to your reputation? What checks and balances are in place to prevent those issues?

IT Practices

• Are you taking every reasonable precaution to prevent a cyberattack?
• Do you have regular backups with restore points to prevent data-loss?
• Which departments or employees represent the greatest threat to the organization if their devices or accounts were compromised?
• Are employees adequately trained and supported to use the devices and accounts they are given access to?

Refer to our A Mid-Year Review of Your Cyber-Hygiene for more tips and best practices in this area.

Document Everything

While reacting to a problem, it is natural to attempt to change and fix things quickly. However, it is vital that as much evidence be gathered as possible. Nearly every technology-related problem which could harm your business comes back to one of three areas:

• An Employee: Either through an honest mistake or malicious action.
• An External Attacker
• Technical System Failure: An issue with little or no human influence.

In any of those three cases, information is vital to setting things right. In the case of an honest mistake, you have an opportunity for staff-wide training to reduce the likelihood of future errors. An outside attacker will be dealt with by law enforcement who will need to reference the data you have gathered. And a technical failure will require going back-and-forth with the manufacturer or distributor of those systems.

The worst case scenario isn’t just suffering an attack, it is not knowing in detail exactly what happened. A lack of information leaves you vulnerable to a repeat scenario.

Practice

Having a plan is a great start, but you need to practice it in order to be confident it will work. Simulations and thought exercises which test your team are the best way to keep everyone sharp and to improve upon your Incident Response Plan.