October 8, 2015
It often seems the media is reporting on data breaches and hacks that have impacted major organizations every day. Incidents are definitely on the rise. Cyber-criminals are becoming increasingly savvy, making it more important than ever that IT professionals employ safeguards to keep their business and customer data safe. An incident response plan is an important part of any IT department’s cyber-security safeguards, and it is essential that businesses take the proper steps to prepare for potential breaches.
What Information is at Risk?
Regardless of the size of your organization, you have likely collected and stored a variety of private and proprietary information that could be valuable to others such as:
- Health-care or customer records
- Contact lists
- Employee information (including contact information, Social Security numbers, and passwords)
- Financial account information
- Credit and debit card information
Many small businesses make the mistake of believing that their organization is too small to be a target for a cyber-criminal, but this is far from the truth. According to Ponemon, the average cyber-crime will cost a small business more than four times more per record (at $1,324) than larger ones (at $305). It can also take a long time to contain a security breach, and the longer that it takes, the higher your business losses will be. For these reasons, it is essential that businesses of all sizes take proactive measures by creating an incident response plan.
What is an Incident Response Plan?
An incident response plan is a set of instructions for identifying, responding to, and minimizing the effects of a certain information security event. These events will indicate that a security safeguard has failed or a security policy has been violated, and it will change the operations of an information technology service or network. Incident response plans will provide instructions on how to respond to a variety of potential security events, including viruses, malware outbreaks, insider threats, firewall breaches and data compromises.
According to the SANS Institute, an effective incident response plan will consist of six major phases:
- Preparation. This phase will involve preparing IT staff and other users on how to handle potential incidents if they should arise. Installing one of the best cloud-based antivirus programs like Immunet, Avira, Panda Security can also be a vital in stopping a breach before it happens.
- Identification. Determine if an event is actually a security incident.
- Containment. This phase involves limiting the potential damage from the incident, including isolating any systems that may have been affected in order to prevent continued or future damage.
- Eradication. Your team will need to identify the root cause of the security incident to remove the affected system from the business environment.
- Recovery. Allows affected systems back into the business environment after ensuring there are no remaining threats.
- Learning. At the end of the incident response, you will need to document the incident and perform a thorough analysis to best learn from the incident and improve future response.
Importance of Incident Response Plan
Knowing how to respond appropriately to a security breach in your organization is essential in minimizing the chance of major problems. Without an incident response plan in place, an organization may fail to detect the initial attack or it may not properly contain and recover from said threat. An incident response plan that is well thought out can give your business several advantages:
- Your organization will be more likely to meet relevant legal requirements regarding the taking of timely action in containing events. This could help you to avoid costly penalties.
- Your organization will be prepared to take fast action in the event of a breach, as the steps that you’ll need to take will be clearly outlined. This could minimize the financial damages that you are out in the event of a breach.
- The simple act of developing an incident response plan and then practicing it can improve your organization’s ability to properly manage a privacy or security event, including any corresponding regulatory or civil proceedings.
- Establishing ahead of time who will do what in the event of a security event will allow your organization to respond quickly to a potential breach. An efficient incident response plan will establish clear responsibilities and roles across the organization.
- An incident response plan can help your organization maintain positive relationships with third parties, including law enforcement agencies and other experts that handle breach remediation.
It is clear that an incident response plan is a crucial part of any business cyber-security program. Do you have any tips for how your business has worked to develop an incident response? Feel free to share your experiences here.
Sheza Gary has been a project strategist since 2009 and has been involved in the launching of startups and tech companies in New York for more than five years. She has keen interest in writing her own experiences about business plans and upcoming business supporting technologies. She loves public speaking.