Cyber Incident Response - 5 points for your digital emergency plan
What is Cyber Incident Response
Cyber Incident Response is a set of policies and procedures for information security. Digital attacks have not only increased, but also become more damaging and destructive. The purpose of Incident Response is to enable an organization to quickly detect and stop attacks, minimize damage and prevent future attacks of the same type.
Why you need to have an Incident Response plan
Preventive IT security in your business can reduce the number of security breaches, but unfortunately not all of them can be prevented. A crisis can put a company at risk for days or even months. This can result in major financial losses and damage to the company's reputation or its employees. Good incident management will ensure that security-threatening situations are handled efficiently and correctly. That's why it's important to have a contingency plan that addresses how to quickly detect incidents, minimize losses, mitigate the weaknesses that were exploited and restore your systems.
5 points your Incident Response plan should include
Companies that emerge best from a crisis are those with a contingency plan that they have practiced. To be as prepared as possible, it's important to have a crisis management team that knows its own company well, knows who holds which role, and knows who needs to be contacted.
1. Role clarification - who does what
This needs to be defined in advance, and it's a good idea to designate a deputy in case of illness. Most large companies have a crisis team that trains for emergencies, but this is not always the case for small and medium-sized businesses. Important roles are the IT manager and the communications manager. The IT manager takes responsibility for the technical aspects and is the main contact person for the Incident Response team at an IT security company. The communications manager handles the flow of information with employees and customers. Larger companies often also have a separate person who is responsible for GDPR/data protection, someone who handles logistics and someone who documents along the way.
Who does what and how many people are responsible for crisis management depends on the size of your business. In any case, you should have this planned and documented in advance, and practice security scenarios on a regular basis.
2. Continuity plan - operation during a security incident
During an attack, programs, processes and systems may be unavailable. You therefore need a plan that limits business interruption by having other solutions in place. This ensures that your business can continue to deliver products or services at an acceptable level until you return to normal operations. Create multiple plans based on the different events your business is particularly vulnerable to. For example, keep a stock of trusted machines that employees can use to connect to the company's network if only the machines damaged in a particular type of attack are vulnerable. It may also be a good idea to purchase separate SIM cards for the computers that are only used in an emergency situation.
3. Communication during a security breach
If your business experiences a security breach or attack, the attacker has most likely come in through a phishing email. This means that email is most likely compromised as a communication channel, and you need to make a decision on how to communicate during the security breach. This could be Signal or other channels that offer encrypted dialog. If you have an IT security partner, talk to them in advance about whether they offer trusted computers, phones and networks that you can use internally and externally while they handle the security incident.
4. Overview of critical infrastructure
In order for your company to be able to handle a serious unforeseen event, it is important to have good knowledge of your own business. Get an overview of what is most critical to take care of in order for the company to return to normal as quickly as possible. Make a list of your company's most critical infrastructure, such as systems, networks and data. Prioritize your backups. Have a good routine and documentation on how to restore these systems. The documentation should also include the location of the backups, so that it's quick and easy to restore them. We also recommend a central log service, such as a SOC, so that the logs are preserved in the event of a major security breach such as ransomware.
5. Who do you contact during a digital attack
The contingency plan should include points of contact such as the Norwegian Data Protection Authority, Kripos and security partners. Also, feel free to share our form for employees during a security breach with everyone in your company.
With a dedicated incident response agreement from Cyberon Security, you get immediate help from our security experts. Our priority is to get you back up and running as quickly and safely as possible. The agreement includes a dedicated incident response kit with trusted computers, mobile phones, networks and storage devices, so you can communicate safely with us and your customers while we handle the data breach. Regardless of whether you have an agreement with Cyberon, you can always call our emergency hotline.