Have you got a Security Incident Response Plan?
Let’s face it, a security breach is almost inevitable, but how to handle one in progress and how to deal with the aftermath is at least as important as taking preventative steps. In this blog, I share my advice on compiling a security incident response plan.
Without a considered response plan in place, companies are left in a panicked state when an attack occurs, rendering them more exposed and potentially vulnerable for longer than necessary.
Reactionary responses tend to be ill-conceived, exacerbating the breach. At Ergo, we have been assisting organisations in developing effective incident response plans and procedures for twenty years. With a best practice policy and a thorough plan in place, the worst aspects of a breach can be avoided, returning operations to business-as-usual sooner while also mitigating any potential consequences.
Your plan needs to meet the unique requirements of your business but should always include four primary elements:
Stealth attacks are obviously designed to avoid detection, but Ergo can help in selecting and implementing appropriate software and monitoring solutions for the crucial detection stage.
After detection, the response plan helps to determine the nature of the breach and how best to contain the intrusion.
Following containment, the focus shifts to addressing the consequences by deleting malware, suspending compromised accounts and eliminating the vulnerabilities that led to the breach.
The final stage is recovery, where the IT infrastructure is returned to normal. This may involve restoring systems and data from backups or updating firewall rules or other protection layers.
Addressing a security breach can be a complex process, but with the right planning and an experienced IT partner, disruptions to the business can be minimised and operations quickly restored.