INCIDENT PREPAREDNESS & RESPONSE

Compliance exists to help protect data and systems. However, cybersecurity is not just about checking off compliance boxes. It’s about being secure. We have fancy phrases like “good cyber hygiene” and a “strong security posture,” but when it comes right down to it, at the core, we want to prevent cyberattacks, theft of data, intrusion into our systems, installation of malware, ransomware, or worse.

As much as we put measures in place to prevent incidents, they do happen… to the big corporations and agencies as well as small businesses. Whether it’s an oil pipeline, a school district, or a mom-and-pop shop, no one is immune.

While we do everything we can to prevent it, sometimes we click on the phishing email or we forget to lock the door. To make it worse, malicious attackers are increasingly targeting companies for financial and political gain while employing tactics to bypass your current defenses.

When you’re attacked, you don’t have time to think. You just react (and perhaps reach out in a panic to your cybersecurity firm).

Here at Duffy Compliance, we want to help you put measures in place to minimize the risk of cyberattacks in the first place.

The main goal should be to stop and contain the incident. Technological solutions are a part of this, but these efforts should be guided by good governance and planning with items such as company policies/procedures, Service Level Agreements (SLAs), and an Incident Response Plan.

To start with, one of the best things you can do is to make your company as hard a target as possible by implementing security controls, tools, and solutions through both technological means and governance (i.e., sound policies, procedures, and plans).

But no company or system is infallible. So arguably, the second-best thing you can do is prepare yourself and your company for that worst-case scenario, when your defenses fail.

The difference between a relatively minor inconvenience and a catastrophic event that destroys the company could be determined by how well you are prepared. Let’s take a look at some steps you can take to prepare yourself for a cybersecurity incident.

That’s where an Incident Response Plan comes into play.

  1. Plan your incident response (Preparation)
  2. Detection and Analysis
  3. Containment
  4. Eradication
  5. Recovery
  6. Follow-up

While you may be required to comply with government regulations (DFARS, NIST, etc.) to have an official Incident Response Plan, going through the process helps to prepare you and your organization in case of an actual incident.

Whatever you can put in place now, especially in the preparation phase, could vastly reduce the magnitude of the consequences. Basically, you want to reduce the scope of damage, protect your data and resources, and recover from the incident as quickly and successfully as possible.

To that end, we’ve put together this checklist to cover three phases:

 

  • Pre-Incident: What you can put in place now, before an event happens, to hopefully prevent such a thing.
  • During: In the unfortunate situation in which you do experience a cyberattack, here is what you do immediately. (Please note that even if you call us first thing, we’re going to be asking for things on this list. So get them together now!)
  • Post-Incident: After the dust settles, you should attempt to determine specifically what occurred, why it happened, and what your organization can do to keep it from happening again.

Do It Yourself

Download our Incident Preparedness and Response Checklists

– OR –

Skip Ahead

Get your Incident Response Plan in place now