Imagine tomorrow, you walk into your office and turn on your computer only to find that you can't access anything. Your email is blocked, your files are blocked and you shortly realise that your business has been the victim of a cyberattack. What is the first course of action you take?
Having an Incident Response Plan created before an incident takes place can mean the difference between successfully recovering your business, and failing. In this article we will talk through the key components to creating an Incident Response Plan, specific to a cyber breach however, you could apply these points to any business incident. We have also developed a free template for you to download and use as a starting point to build out your plan.
In most areas of life, good communication is key to success and managing an incident is no different. Planning and writing down how you will communicate to your team, clients and partners ahead of time means you have one less thing to worry about during a stressful time like a cyber incident.
Start by writing email templates, one for your team, one for your clients and one for your partners. Give a copy to your Crisis Management Team and have everyone save a copy locally to their computer, that way if you loose access to your files you still have access to local copies.
Second, have a press release written and ready to go. Being open, upfront and honest about a cyber breach can help your public image during a cyber incident. We have seen examples of companies who have been reluctant to share information when they have been breached which only leads to confusion and mistrust of the people using their platform.
Finally, have a draft notification ready to go to the OAIC, in many cases Australian businesses are legally required to notify the OAIC of a cyber breach and failure to do so can result in some pretty hefty fines.
Identify a team who will manage your business through a cyber incident ahead of time. Assign a team lead and team members, ideally these will be people from different departments as each department will have their own unique requirements during a cyber breach.
Once you have identified the individuals who will form your crisis management team, assign roles to everyone. Some of the key roles are - crisis team lead, communication lead, office co-ordination lead, technical management lead and return to normal lead. Each role carries different responsibilities, that all feed back into the person managing the incident.
Planning out how your business will continue to operate through an incident means listing out all the ways you could be impacted by a cyber breach and how you can overcome them. Things like loss of email, loss of file access, loss of app access, and identifying how the business would continue to operate without one or all of these services.
Returning to Normal
Once the cyber incident has been contained and you are able to return to the office, or use your apps again, what steps do you need to take to ensure this type of incident doesn't happen again? Perhaps it is reevaluating your cyber security setup or reviewing your company policies or changing a core business application. Whatever the steps are, having a checklist in place to help guide you through a return to normal review process can help you get started.