You need an up-to-date Cyber Incident Response Plan because, sadly, it’s no longer a case of whether your business could get cyber attacked but when it will get attacked. You should be as prepared as possible.
Research published, such as that in ‘Information Age’, reveals the worrying trend that commercial cyber attacks on UK businesses are up 11% year-on-year to nearly 2,000 per day in Q1 2021, and are rising. Criminals are finding new ways to breach cybersecurity defences.
You may have put off writing a Cyber Incident Response Plan because you don’t have time or don’t think your business needs one. As we’ve said, however, you could well be the next victim and you must have a sensible plan ready so when an incident happens you can react appropriately.
Discovering and experiencing a cyber attack is a high-pressure situation where speed of response is critical. The faster you react the more likely it is you could limit the damage. But while it’s not the time for complacency, you shouldn’t panic either. With a plan in place, you and your team will know what to do. And you will be able to show stakeholders that you have some control of the situation.
You can create a plan by following four steps. Watch the video here for full details or read on below …
4 steps to creating a Cyber Incident Response Plan
Basically, your plan needs to include what to document, who you might need to talk to, and what to tell them.
You can contact us below about your individual business’s needs and circumstances but, broadly, the four steps are:
1. Define the scope
2. Collect information
3. Communicate
4. Manage the incident
On point one, remember that a cyber incident doesn’t have to happen from outside; it could be someone from within your business who has accessed data they shouldn’t have access to. So you need to bear that in mind when writing the scope of your plan.
Once you’ve created your plan you should share it with the people who may need to help you put it into action. And you should always test it in a simulated attack scenario. Also, you should update it regularly to ensure it is always ready to use.
As well as the further details you’ll find on our video, in-depth guides to incident management and response can be found on the government’s National Cyber Security Centre website.
Help with getting things in place to respond to cyber security incidents, such as advice about GDPR documentation, cyber security policies and general templates, can be accessed on the IASME website as well.
We have worked in the cybersecurity field for many years. Please contact us below for further help on writing a Cyber Incident Response Plan and related issues.