We’ve been saying for a long time that no company is safe from a cyber attack. Even small companies that don’t operate in industries typically known for housing sensitive data, such as finance, education, and medicine, still have valuable information that someone could profit from.
For example, a hacker could use employee information stored on your server (Social Security numbers, addresses, dates of birth, etc.) to commit tax fraud. Virtually every company has this data in its possession.
Or, an unscrupulous competitor could break into your network to unearth business plans, client lists, contracts with vendors, and your firm’s other proprietary information.
In many cases, a breach happens not through nefarious means, but simply from employee error (such as losing an unencrypted laptop or failing to secure internal databases, leading them to be visible on a public-facing web site.)
Since it is not a matter of “if,” but of “when,” your company has some sort of cyber event, it makes a lot of sense to prepare now, before you go into crisis mode in the aftermath of a breach.
A comprehensive incident response plan (IRP) is the roadmap your company needs to guide you through the pre-breach and post-breach processes. A thorough IRP will eliminate rash decisions borne of panic that could ultimately prove harmful, and will save you time, money, and mitigate the damage to your company and to the victims whose data was compromised.
To start the process, designate a portion of your company’s budget to data security and breach planning. Furthermore, assign a key member of management to shepherd the process along and hold him/her ultimately responsible for the development, implementation, and maintenance of the IRP. The IRP needs to be a priority, and it can only work if resources are allocated to the effort.
Before a crisis hits, an incident response team (IRT) needs to be identified. The IRT should be composed of employees from management, IT, legal, marketing, and other relevant departments. IRT members should fully know the IRP and be ready to immediately activate it upon discovery of a breach.
Outside resources also need to be identified before a breach: Attorneys, public relations consultants, law enforcement officials, and IT forensics experts. Time is of the essence in the aftermath of a breach, and you don’t want to be wasting it trying to secure experts when they should already be on the job mitigating and repairing damage.
We will discuss more IRP development tips in Part 2 of this series. INSUREtrust also has produced an Incident Response Plan Guide, which is available to all its agents and insureds, free of charge. If you would like more information about this service, please contact us at firstname.lastname@example.org.