What is an Incident Response Plan and Do I Need One?

When dealing with cyberattacks, prevention is not enough. Companies can employ the best security measures, from employee training to state-of-the-art antivirus software, and still suffer a data breach. It happens to governments, militaries, and Fortune 500 corporations. This means that mitigation has to be a part of your overall cybersecurity strategy.

The incident response plan

Once a data breach has occurred, your reaction can help mitigate the damage. This is where an incident response plan comes in. The incident response plan takes into account every possible type of compromise and details how to handle it. It establishes a set of protocols, policies and operations in case a breach occurs, and the objective is to minimize damage and speed up recovery.

If you’re wondering if your business needs an incident response plan, the answer is “yes”. Companies of all shapes and sizes need one if they operate online, especially if sensitive data is involved. Companies that handle credit cards, SSNs and even usernames and passwords are routinely targeted by hackers.

Developing an incident response plan

The incident response plan starts by identifying what makes you a potential target. Why would your company be the victim of a cyberattack? It could be the data you store and use, or the type of accounts that you register and manage. You then want to understand your vulnerabilities, so you know immediately where to look when a breach occurs.

Once the basic framework is in place, you want to assign incident managers. These individuals should be trained on how to respond quickly and accurately in case of a breach, with a chain of command in place to reduce any confusion. When a breach is noticed, the incident managers will be notified, and they will have to decide how to react to it. For example, during a ransomware attack, where a group has locked you out of your network until you pay a certain amount of money, the incident management team will have to determine the source of the attack, identify its severity, and ultimately provide a course of action.

After the incident, whether the reaction was successful or not, the company must review the attack and response in order to improve the initial plan. Why did this happen? Is it preventable in the future? Is there going to be a follow-up attack? All these questions must be asked and answered in order to reinforce the security measures already in place.

Finally, you want to have a lawyer’s office number at hand. Cyberattacks are a law enforcement issue, and a team of lawyers can help you better navigate the situation, both defensively and offensively. Some customers might file suit, and you might even be able to file suit against the attackers for damages.

For more information on how to develop an incident response plan, or to sign up for a merchant account, please call (888) 924-2743 or go to Charge.com.
