It’s widely agreed by those in the business continuity community that any company lacking a Cybersecurity Incident Response Plan is putting itself at needless risk, as the continuing stream of stories detailing hacks, breaches, and other attacks on businesses make it clear that it is no longer a matter of “if”, but “when”. The exact structure of such a plan remains a topic of debate, but almost all experts agree on ten actions which should be performed, according to an article by Gerry McGeachy and Arie van Wijngaarden of the Cybersecurity, Privacy and Data Management group at McCarthy Tétrault. These 10 actions are as follows:
- Ensure a plan is in place, to both ensure regulatory compliance and to provide a framework for updates and revisions.
- Engage all relevant personnel, both internally and externally, to ensure awareness and participation in the plan.
- Identify experts, for both investigations and counsel.
- Ensure the necessary tools and people to identify and record cybersecurity incidents.
- Understand the potential cybersecurity risks and how they apply to both your industry and region.
- Consider the acquisition of cyberinsurance.
- Identify distinct communications approaches for both internal and external customers.
- Develop a business continuity plan, to allow for rapid recovery and limit disruptions to operations.
- Communicate the plans regularly to stakeholders, and train them for potential risks like phishing attacks.
- Perform regular tests and drills using the incident response plan, so that the needed actions remain fresh within employees’ minds.
While a cybersecurity incident response plan may not be able to prevent all breaches, one built using these recommendations can help to identify any attacks earlier in the process and minimize disruptions to the smooth operation of the company.
Source:
