020 7241 2255

Resources

What is a Cyber Security Incident Response Plan?

Incident response plan

During the transition to lockdown and getting used to a decentralised work environment, your focus has probably been to manage this change and ensure that you and your team stabilise overall cohesion and productivity. Quite right too.

The collective shock-to-the-system will affect most of us and it takes a little getting used to. This certainly has been the case for ITGUYS.

Now we are in this new routine, it is imperative to understand the additional pressure to secure our tech and intellectual property with new working practices. Even in peacetime, I have talked about the importance of IT security and how your whole team (yes, even the boss!) must take responsibility for their online activity.

Working in an office provides some safety in numbers. The opportunity to ask your co-workers if something looks dodgy or “has the banking portal login process changed for you today, because mine is completely different…” helps you make better judgements on whether an email or web link is safe.

Whether you are in an office or not, the question here is do you think you are immune? Have you never ever clicked on something you realised was dodgy? (Be honest!). I have and I run an IT company. And what do you do about it?

You invoke your Cyber Security Incident Response Plan.

CSIRP may not be the catchiest acronym but you’ll be glad to say “SEE-SURP” when it happens. It’s one thing to imagine what you may need to do IF the bad thing happened. It is quite another when it does happen, and you have to make it up as you go along. Which sounds best to you?

The key elements of the plan cover the following steps:

  1. Who are the key people that need to be contacted? At least one senior member of the company should be alerted as well as the person or company responsible for IT. (It’s also worth having at least one backup person in case of absence).
  2. Escalation criteria. Depending on the severity of the attack, different steps will need to be taken. This may involve switching off the office or home internet connection, contacting clients, your legal team and ultimately the ICO (Information Commissioner’s Office) to report the incident.
  3. Flowchart/Diagram of the response process. The whole lifecycle of a potential event must be documented, and a diagram can really help map the process out for the whole company.
  4. Your organisation’s legal and regulatory responsibilities. Depending on what your company does you may have additional requirements (perhaps from a data protection perspective).

Ready to take the (technical) bull by the horns?

Book a free discovery call with our head honcho, Ben, and discover how our managed IT support service can help your business.