It’s important to take preventative action to stop cyber-security incidents from occurring. But realistically, many individuals and companies will find themselves under attack by hackers and subjected to other threats. Don’t wait until something happens to make a plan for how to respond and limit the damage. The stress of the attack itself will push you into hasty actions that may actually make the situation worse.
Give yourself some peace of mind and create an incident response plan that answers these questions:
- What is your threat environment? How likely are you to experience an incident? What is the possible severity? Be sure to consider industry-specific threats, your third party networks, at-home workers who may be working on less secure devices, and what type of data your company collects and stores.
- What are your key assets? Identify your mission-critical systems and most important data. What would the effect be of losing any of them?
- What is the plan for each major incident type? Different incidents have different responses – a loss of personnel data vs. a ransomware attack vs. a breach of customer payment information, for example. What are the response objectives and timetable for each?
- Who’s in charge? All parties – management, IT and line staff – need to understand the chain of command. Who makes what type of decisions? What is the involvement of senior management? Spell out the responsibilities of management and staff.
- Who are your resources? Include key contacts with third party providers, local or home office workers. Create checklists and guides for staff and management to use during the incident response.
- Who needs to know? Senior management, Board members, suppliers, external agencies and third party providers may all feel the impact of your incident. Be sure you understand under what circumstances you need to alert the Australian Cyber Security Centre.
- What about the public? How will you communicate with your customers or clients? Who will be your spokesperson if the media is involved? These are key questions, because damage to your reputation can be far greater than the cost of the incident itself.
- When do you need to practise and update the plan? Create a schedule for reviewing your plan periodically to make sure it takes changes in the threat environment or organisation into account. Larger organisations are advised to review every three months; a smaller organisation perhaps every six months.
- What else needs to be considered? Legal exposure? Impact of each type of incident across the rest of the business team (not just the technology department)?
When an incident occurs, it is critical to document all incident details and your response actions. This will not only protect your reputation and limit potential liability, it will offer insights into what can be done in the future to avoid a cyber-security incident.
With a well-planned response protocol in place, recovery time and the effects of the incident are decreased. As always, being fully prepared is your best defense – and prevention is better than reaction. Blutone Technologies is here to make sure your systems are protected and your data secured. Get in touch today and find out how we can safeguard your business.