Reasons why you need an Incident Response Plan
Posted 23rd August 2022
There are several worrying statistics about cybersecurity breaches floating around at the moment. On average, only 5% of companies’ folders are properly protected; 95% of cybersecurity breaches are caused by human error; and data breaches exposed 36 billion records in the first half of 2020. So, we have to consider that with cyber breaches, it’s no longer a case of if; it’s now a case of when.
While companies should always ensure that their cybersecurity measures are fit for purpose, including checking that firewalls and devices are up to date and that the latest security patches have been installed, businesses also need to have an Incident Response Plan in place, just in case.
What is an Incident Response Plan?
The National Cyber Security Centre recommends that all businesses should have an Incident Response Plan in place in case they suffer a cyberattack or data breach. An Incident Response Plan is a set of procedures and guidelines that your IT team can use to remove and recover from any cyber security threats. Aside from identifying what you need to do if things go wrong, an Incident Response Plan can also help you spot the gaps in your cyber defences and in how you handle incidents.
What should you include in an Incident Response Plan?
Cyber threats can come in all shapes and sizes, and your plan should address all possible eventualities. One of the most important things to include within your Incident Response Plan is a list of key contacts. These will be people like your Managed Service Provider and companies that perform maintenance on your IT infrastructure. You should also include the ICO in the list in case your business suffers a data breach.
An Incident Response Plan should also include escalation criteria and a flowchart of procedures and processes, along with information covering the basic guidance and legal requirements for businesses that have suffered a hack or breach. It’s advisable to include information on key personnel and their roles in the event of a cybersecurity breach as well.
If you’re starting from scratch, your business should spend time identifying all its assets (devices, servers etc.) and carry out a full risk assessment. Then, as the unravelling begins, a documented plan should be created.
You should also document how losing access to different files and systems will impact your business. This will help you prioritise how you go about recovering them. This process should involve all parts of the company as your IT team will have no way of identifying what is crucial to keep the business running. So, for example, email may take priority over stored spreadsheets.
What if my business already has an Incident Response Plan?
For those that have a documented plan, when was the last time you tested it?
The majority of companies never prepare or test their plan and, furthermore, half the employees don’t know what they’re responsible for in an attack situation. Considering the significant changes within businesses in the last 18 months, would your plan still be effective?
Always keep the story of one large company that suffered a breach in the back of your mind. They stored their Incident Response Plan on their file server, and yes, you’ve guessed it, the file server was one of the infected servers. So, while it’s essential to have it documented and available, please ensure the plan is stored in multiple locations and several people know about it.
If you have any concerns regarding your current incident response plan, are unsure how to test it, or don’t currently have an incident response plan, please contact us.