In 2015, over 288,000 businesses reported a cyber-crime. In today’s digital economy, cyber security has become a top-of-mind concern for leaders of businesses of all sizes. Mid-sized businesses need to quickly and efficiently recover from cyber attacks, but companies also need to prepare for these attacks in advance. As soon as a breach is detected, certain reactions should trigger as a part of the company’s planned response efforts.
A written plan outlining response measures helps maintain efficiency during a time of crisis. Often called an incident response plan, this written course of action establishes the framework for the internal and external chain reactions that should occur during and immediately after a digital security breach.
A company must establish a plan unique to its organization before a cyber attack. The bulk of cyber security efforts must come before a breach, so in addition to a cyber insurance plan (as mentioned in a previous article), prepare for a digital attack with a cyber response plan as well.
The company preparing the response plan should appoint one employee to act as the leader during a time of cyber crisis. This individual should understand every step of the cyber attack response plan so that he or she can set the plan into motion without hesitation. The designated leader will oversee the “response team.” Composed of both internal and external personnel, this group will, in many cases, work around the clock to restore and maintain regular company function when under a cyber attack. The team should consist of the following individuals:
- Law Enforcement
- IT Specialists
- Security Personnel
- Public Relations/Crisis Management Professionals
Since a digital security breach affects many different components of a company, each member of the response team has a different role. Aided by all members of the team, the following five phases of a digital response plan should commence as soon as the company detects a cyber attack:
- IDENTIFY the problem—and quickly. External services and third party sources specialize in this kind of work and can find the problem efficiently.
- CONTAIN the attack and prevent it from spreading. In some cases, the faster the incident is identified, the less damage it can do.
- INVESTIGATE the crime and submit evidence to law enforcement and investigators in order to find the criminal.
- FOLLOW UP on the incident in order to maintain order. The company should notify employees, customers and, in some cases, the Federal Government of the breach. During this time computers, networks and other services may be down, and although this is a stressful time, employees should maintain regular operation as much as possible.
- REMEDIATE the attack by changing company practices in order to prevent a breach in the future. This could require employees to reset passwords more often and might require the company’s IT services to implement more stringent security measures.
Don’t wait to establish a cyber response plan—the name of the game is preparation. Although much of the chaos comes during and after a digital security breach, half the battle is planning.
Harry Cylinder contributed this article. Harry is a risk and insurance consultant at The Beacon Group of Companies.