It’s challenging to think about what could happen to your business in the event of a major cyberattack or natural disaster. The details alone can be staggering to consider: all of your operations would likely come to a halt, staff members would be unable to access business systems and critical data and customers would be left in the dark about what’s going on. Without a proactive incident response plan in place, your business could easily be disabled for days or even weeks.
“While you might be tempted to overlook the creation of an incident response strategy that you hope you’ll never have to use, it’s crucial to understand that more than 60% of small businesses that experience a cyberattack are unable to return to full operations and eventually fail,” claims Scott Clarke, partner at Philadelphia IT support company, Menark Technologies.
Whether you’re prepping your first incident response plan or simply giving your current plan a refresher, here’s what IT professionals are including in this vital strategy.
Creating Your Incident Response Plan
“Some organizations take a “set it and forget it” view of cybersecurity,” shares Earl Foote, a top cybersecurity consultant in Utah with Nexus IT. Experts recommend that you continually review and update your IR plan to accommodate the changes in your organization and in the marketplace. For instance, you may have recently added a new data integration that isn’t included in your current incident response plan. Maintaining accurate records of integrations and partnerships will help you identify any potential weak points in your security net — points that might be vulnerable during and after an attack. While each incident response (IR) plan should be customized for the unique needs of your organization, there are base considerations that you’ll need to put in place.
- Assess your current readiness level, prioritizing critical business systems.
- Ensure that your systems and data are regularly backed up based on the needs of the business. Backup and recovery strategies should provide not only for the restoration of the data or systems themselves but also restoring full access for data sharing between business systems.
- Create a workforce continuity strategy that includes details such as how workers can remotely access data and systems in the event of a disaster that makes your physical location unreachable. Include telephony and internet access, as well as ensuring that staff would have access to appropriate machines.
- Define responsibilities at each stage of the process, from assessments to communication and beyond.
- Document and train staff members to ensure that the IRP can be quickly triggered when needed.
Preparing and testing an incident response plan does take time and effort, but the investment will be richly rewarded if you’re able to rapidly bring your business back online after a cybersecurity event or other disaster.
Active Communication is Integral to Success
Both Clarke and Foote agree that technical teams often do a fantastic job putting together an action-based incident response plan that includes all the details needed to launch an incident response plan. What is often missing is the communications component, which is integral to getting your business back online quickly and with as little disruption as possible. Employees are not the only ones who need to know what to expect in the event of an urgent situation, you also have to consider a range of other stakeholders including customers and vendors. Each of these groups may need slightly different messaging to ensure they are able to work effectively with your organization as you work to bring business systems and data back online. This could include:
- Letting vendors know that shipments may take longer to be accepted as you’re working from paper systems.
- Inform customers that there may be a short delay in shipping new orders, and that order status may be unavailable for a period of time.
- Train staff members the steps that they need to take in the event of a flood, fire or cyber attack.
- Details that you want to share with the media to help spread the word about modified business hours or other changes as you return business operations to a normalized state.
Preparing and testing your incident response plan is worth the investment in time and energy if your business experiences an unexpected event. However, the rigor of reviewing your various business systems and communication channels can help your business work more efficiently even if you never experience an incident that requires triggering your plan. For that reason alone, it’s worth putting a secure incident response plan in place along with a schedule to regularly review and update your strategies.