Why You Need an Incident Response Plan... Now!

TJ Quirk
Mar 21, 2017 10:00:00 AM

You’ve been breached. Now what?

New vulnerabilities are coming fast and furious. The unfortunate truth for most of us is that it’s not a matter of IF we are breached, it’s a matter of WHEN we are breached. Replace the worry with a plan: an Incident Response Plan.

What qualifies as an incident? It’s defined as any attempt, successful or unsuccessful, to disable, compromise, bypass, alter, or by any other means maliciously misuse people, information, systems, applications, and hardware.  

The first step in this planning process is to develop an Incident Response Team to address the following 7 components for your Incident Response Plan.

  1. Prepare – Educate your team on what to do if there is an incident and how to respond. If there is ever an incident, it needs to be reported in a timely fashion.
  2. Detection – Define the incident.
  3. Assessment – The incident should be classified based on available information to determine whether network communications require closure or Business Continuity Plans require implementation.
  4. Forensics – Data related to the incident shall be gathered and analyzed.
  5. Containment – Measures shall be taken to separate impacted systems from the rest of the company environment.
  6. Recovery – Systems shall be restored to normal operation as soon as possible, following the applicable Backup and Recovery policy and procedures.
  7. Post-Mortem – An analysis of the incident, the response to the incident, and the lessons learned from the incident.

Don’t create your plan in a vacuum. Train folks on it. When you’re done training on it, train on it again. Teach your organization what to look for. It’s everyone’s responsibility to be and act like information security watchdogs, and your people are your first line of defense against attacks.

Are you doing regular security awareness training? If not, you should be, and this plan should be part of that training. Are you doing new hire training? Your Incident Response Plan should also be included in new hire training.

Lastly, test your plan. Don’t make it and forget it. Your business is changing. Make sure you review your Incident Response Plan at least annually and make any necessary changes.   

If you have any questions or needs related to developing, testing or training on a solid Incident Response Plan, I know a few people who can help you! Feel free to drop us a message!
