What would you and your team do in the event of a cybersecurity incident? Do you have a clear plan of action? If the scene in your mind opens with everyone standing around the conference room table yelling and pointing fingers at each other, or running around in a frenzy, frantically Googling ‘what to do after a cyberattack’, then you need an incident response plan.

Who is an incident response plan for?

The reality is that there is no such thing as 100% security, no matter how much we try to protect ourselves and our businesses. That said, there is no reason business owners and IT managers can’t collaborate on building an incident response plan to reduce risk in the event of a cyber incident. An incident response plan provides clear guidance and instruction, and helps to avoid confusion or panic over “What do we do next?”

What is an incident response plan?

An incident response plan is a critical component of cybersecurity and should include clear guidelines on:

  • How to prepare for and identify a cyber incident
  • What individual steps need to be taken for each kind of incident
  • Timeline and workflow of the incident response process
  • Who on the team is responsible for what steps

When does an incident response plan matter?

You don’t want to wait until after a breach or cyber incident to implement an incident response plan. Having an incident response plan in place will reduce confusion in the aftermath of an already stressful situation. And keeping it current with the correct resources and emerging cyber threats will help to ensure that the company’s downtime is as short as possible.

As the saying goes, ‘there is no time like the present’.

Where does an incident response plan occur?

Creating an incident response plan for your company is a process that should include the people, both internal and external, who will be part of the Incident Response Team. Much like being seated in an exit row on a plane, you’ll want to make sure each team member understands their responsibility and feels comfortable acting in the event of an incident. The Incident Response Team includes a list of key contacts responsible for handling various stages of identification, remediation, and communication - because while cleanup from a cyberattack might start with IT, responding to an incident requires more than just technical mitigation.

Once you’ve established the roles and responsibilities of the members of the Incident Response Team, you can work with a lawyer or consultant to write up the formal incident response plan, or you can use a tool like an Incident Response Plan Builder that allows you to build a plan in minutes through an easy-to-use wizard.

Why is an incident response plan important?

Mitigate expense. The longer it takes to identify and contain a breach, the higher the cost to repair. 40% of small businesses experienced eight or more hours of system downtime due to a security breach in the past year. By having a plan in place, you will significantly cut downtime and associated cost, and get back to doing business.

Identify, contain, and report cyber incidents with clear steps and ownership. Just like with the passengers in the exit row of a plane, you want to make sure each member of your team understands their role and acts quickly to help prevent further disaster. An incident response plan clearly assigns specific next steps to the appropriate team members that will help your team work calmly and smoothly together.

Help to preserve the continuity of your business operations as well as your reputation. A cyber incident or attack doesn’t just have the potential to wreak havoc on your bank account - it could also impact your business reputation and relationships. By quickly identifying the incident, you have a better chance of recovering from damage caused to your or your customers’ data - getting out ahead of a possible news story or scandal.

Imagine your team working quickly and diligently, communicating clearly with the right people, in the minutes and hours after a cyber incident because they are following the procedures outlined in your up-to-date incident response plan.