So you’ve been hacked – what now?
Even if you haven’t, don’t make the common and dangerous assumption that you never will be hacked. Major hacks take place on a regular basis in the U.S., and so you have to be ready. That’s why you need an Incident Response Plan.
An Incident Response Plan provides the plans, procedures, and guidelines for the handling of data breach events at our office(s), or via any of our servers or mobile devices.
The plan encompasses procedures on incident response engagement and how the incident response team will communicate with the rest of the organization, with other organizations, with law enforcement and provides guidance on federal and local reporting notifications processes.
This plan is necessary to clarify the roles and responsibilities of your employees so you can quickly mitigate risks, reduce the organization’s attack surface, contain and remediate an attack, and minimize overall potential losses.
There are three main components of an incident response plan: technical, legal, and managerial.
As part of your plan, designate specific, skilled people who are best positioned to cover those functions. Make sure you answer the following questions:
What information does each component need?
What should you expect from each component?
What’s the chain of command?
To whom does the team report?
Who has the authority to make judgment calls as to when the campaign’s computer networks will be taken down, quarantined, or put back online?
Ensure your legal, technical, and management experts approve of your incident response plan. And make sure your response team regularly reviews and practices the plan.
Drafting an incident response plan can be intimidating if you’ve never done it. While there are guides online that can help, the best way to approach it is with the assistance of an expert partner.