Incident Response Plan: Why Every Business Should Have One

Are you ready for a major business disaster like ransomware or a data breach? Find out why every business should proactively develop an incident response plan.


Incident Response Planning In Houston, San Antonio and Austin

Once upon a time, bank robbers and murderers could name themselves among the FBI’s Most Wanted. In 2020, they can still be found there, but a new kind of criminal mastermind has emerged. Over 71 cybercriminals and cybercriminal organizations are now on this list. And like any criminal that makes the FBI’s list, these criminals are elusive, damaging, and very good at what they do.

According to Juniper Research, known cybercrime has now cost businesses over $2,000,000,000,000. Many more incidents go unreported. Half of the targets are small businesses, but even large corporations with massive security budgets like Target, Marriott, AT&T, and Equifax have become victims as of late.

This should be a wake-up call for all business leaders. We need security strategies that both prevent detrimental attacks like these and limit the damage when the inevitable happens. It’s not how much you spend on cybersecurity that matters; it’s how intelligently you put that money to work.

That brings us to the Incident Response Plan, a vital part of that overall strategy.

What Is an Incident Response Plan?

An incident response plan is a preemptive and organized strategy that allows you to manage a threat quickly. This threat could be anything from a data breach to a natural disaster. The ultimate goal of this plan is to limit damage, reduce costs, keep critical operations active where possible, and get back to business as usual quickly.

Why Every Business Needs an Incident Response Plan

According to Gartner, a single minute of downtime costs a business, on average, $6,000. When seconds count, we can’t afford to spend hours putting together a team and implementing a solution. A robust incident response plan includes the precise steps to be taken in the case of an anticipated event. It also includes the people in your organization with the knowledge and experience to think on their feet and develop creative solutions if the attack diverges from the events for which you planned.

With this plan, businesses can work faster and more effectively to defuse the threat and minimize losses.

Where to Start Developing a Response Plan

A robust plan includes six essential elements:

  1. Establishing roles and responsibilities – Build your incident response team. Ensure that it consists of the right people. They should be knowledgeable in the various areas of operations and security, so they can make quick, impactful decisions when seconds count. Every business is different, but an incident response team might include a leader from each of these categories: HR, PR, in-house or managed IT, security (cyber & building), legal, risk management, customer service, and all of the C-suite. Clearly outline the responsibility of each member.
  2. Implementing continuity – Have a plan to keep critical operations running. This may include generators, backups, work-at-home employees, overflow customer service support, and more.
  3. Outlining tools, technologies, and resources available – What is at your disposal, and how can you shift resources around to maintain operations? This additionally includes how you prevent and limit the damage by securing gateways, assessing the protect surface, scanning for vulnerabilities, and resolving identified threats.
  4. Mapping out the network & data recovery processes – This part of the plan outlines the critical network and method for data recovery to return systems to normal operations as quickly as possible.
  5. Planning for internal & external communications, which may include PR, social media – Many a corporation has missed the mark on this one after a disaster. Case in point, after the Equifax breach, representatives recommended that those affected pay for additional monitoring services, clearly an infuriating response when a company has exposed millions to identity theft. You need to have a clear plan for communicating with the employees, shareholders, vendors, and the public, if necessary.
  6. Regularly reviewing & updating the plan – Technology and threats can change quickly, so a company must have a schedule for reviewing and updating the plan and filling in any gaps that may have developed since the last review.


  •   Jason Simons
  •   Feb 08, 2020