Incident Response Plan

What It Takes to Create an Effective Incident Response Plan


What Is an Incident Response Plan and Why Is It Important?

Today, many small- and medium-sized businesses (SMBs) are ill-prepared when it comes to cyber security, due to the growing sophistication of cyber threats and lack of in-house expertise.

In fact, 79 percent of small businesses do not have an incident response plan, according to the Cybersecurity Trends Report 2017.

Ponemon Institute recently surveyed SMBs for the 2016 State of Cybersecurity in Small and Medium-sized Businesses, asking how they’d rate their ability to mitigate risks, vulnerabilities and attacks against their businesses.

  • 26 percent of SMBs surveyed rated their ability as very effective.
  • 74 percent rated themselves as not effective.

Clearly there is a lack of preparedness among this group for keeping sensitive business data protected from cyber criminals.

A solid incident response plan is essentially a roadmap for reducing your business’ cyber security risk level and proactively minimizing damage. It is a detailed document that spells out exactly who owns what in the case of a security breach or data loss event, with communication guidelines and established protocol. Here are some additional insights, examples and templates for incident response plans:

What It Takes to Create an Effective Incident Response Plan

It’s crucial that businesses prepare for threats in accordance with their requirements, risk tolerance and resources. We can work together to create a roadmap for reducing cyber security risk.

That roadmap should:

  • align with organizational and sector goals
  • consider legal/regulatory requirements and industry best practices
  • reflect risk management priorities.

The NIST Framework for Improving Critical Infrastructure Cybersecurity is an important starting point. According to this framework for meeting cybersecurity risk management objectives across an organization, the remediation plan flows down from the senior executive level to process and operations, as priorities inform framework profiles and drive the progress of vulnerability management implementation.

When all parties remain aligned and can proactively adapt to changes in the threat landscape, the organization will be able to remain vigilant and manage risk. This approach to risk planning allows an organization to determine the activities that are most important to critical service delivery. It also enables the organization to prioritize expenditures to maximize the impact of the investment, which is particularly useful for SMBs.

Quick Incident Response Tips:

  • Directly after the infection is detected, disconnect from the network and stop backing data up immediately. This will stop the malicious software from overwriting clean backups with infected files.
  • Remove the ransomware and clean computers of malicious software. If you have a good restore, remove all traces of ransomware using antivirus software or an appropriate malware remover.
  • Restore from the most recent clean backup.

How to Ensure Success Building Your Incident Response Plan:

  • Set a budget for cyber response plans.
  • Assign clear roles and responsibilities for your team.
  • Loop your entire organization into your cyber response plan.
  • Meet with employees on a regular basis to ensure your response plan is effective.
  • Refine your plan along the way.
  • Document all response efforts from beginning to end.
  • Provide your employees regular cybersecurity training and phishing simulations.
  • Have effective password management policies in place in your business.

People we would like to work with:

  • Busy entrepreneurs growing their company
  • Office managers who want to make sure systems are protected from hackers and viruses
  • Professionals who are not sure if their backups are working
  • Small business owners wanting more time for their customers