Incident Response Plan

Security Breach!

You or one of your colleagues notice strange emails suggesting that passwords have been reset for Google, eBay, LinkedIn and several other websites, including banks. You then realise that these are for accounts related to your business. Talking to colleagues, you eventually work out that these password resets did not come from internal staff. Someone has compromised an email account and has used it to force password changes to online services. Someone now has access to your business services and data. A cyber attack is taking place.

What if this happened in your business today, or tonight?  If you had an IT security breach, how would you react?  How would you feel as the business owner?  What would you do?

When an incident like the scenario above has been confirmed, is the business able to put a robust set of measures into effect?

Recommendation – Incident Response Plan

My recommendation is to prepare an outline Incident Response Plan.  This should contain phone numbers of Directors, Managers, key staff, IT experts, IT suppliers, and a list of online services and where passwords are managed for these services.

The first task is to call in the experts.  Ideally, at least two members of staff should have been on a ‘cyber first responder’ course.  One of them will hopefully be available and will know how to preserve evidence and how to reduce the impact of the incident.  A Director or Manager listed on the plan should then be called.  Their role will be to coordinate the tasks in the plan, and help get the business back up and running as quickly as possible.

Adapt and survive

The plan will no doubt need to be adapted. No scenario can be fully anticipated. It is better to have an outline plan than nothing in place. Ideally, run through scenarios at least twice a year to exercise the plan. Hopefully you won’t need it, yet.

Steve Borwell-Fox

Useful links: