Many companies have a Business Continuity Plan, but what about an Incident Response Procedure? What happens if your business is hacked, attacked by ransomware or someone loses a phone? A well thought-out and publicised plan will clarify what to do when an incident occurs, lessen its impact, and help prevent future incidents.
- Create an Incident Response Team (IRT). The size of the team will depend on the size of your organisation but it should at least be made up of a senior member of management, your technical lead, and someone who deals with information security, if that role exists in your business.
- Determine what law enforcement or regulatory bodies might need to be informed such as the police or the ICO (depending on the incident).
- Determine the process for reporting an incident. What form should be completed? Who should it be sent to or who should be emailed?
- Identify the type of breach. Common ones are:
- Breach of physical security/unauthorised access to the building or office space
- Loss or theft of property
- Lost or incorrect data
- Breach of information security
- Determine what information needs to be collected such as location, date and details of the incident and what actions have already been taken.
- In the event of an incident, collect and secure any relevant evidence.
- Discuss and document what measures can be put in place to avoid the incident re-occurring.
- Train staff on different types of incidents, what to do if they are involved in an incident (or observe one) and the location where the Incident Response Procedure can be found. It is a good idea to keep a soft copy in a location that can be accessed when outside the office, as well as a hard copy in the office.
- Review the plan at least annually or if there is a significant change to the business. Update any information if necessary, then re-print/re-publish.
If you would like to learn more about business continuity, a comprehensive information security program or discuss if your business should be looking beyond cyber security, feel free to reach out to us through one of the following methods:
- To contact our MD: Send an email to [email protected]
- To contact our Information Security Manager: Send an email to [email protected]
- Click here to submit a request for us to call back.