WHY DOES MY ORGANIZATION NEED A CYBERSECURITY RESPONSE PLAN?
July 30, 2020

Most businesses or organizations will experience a cybersecurity incident, perhaps in the form of a phishing attack, spam emails, or an internal employee accidentally releasing malware throughout the network. Regardless of the size or scope of the incident itself, your organization needs a plan of attack to get back to business as usual and ensure the episode doesn’t have trickle-down effects that negatively impact customer or stakeholder trust.
That’s why your organization needs a comprehensive cybersecurity incident response plan. This is a pre-determined checklist of items that helps you identify urgent tasks and next steps if you have confirmed that your organization has experienced a security or PII (Personally Identifiable Information) data breach. Cybersecurity incident response plans are typically intended for smaller organizations; however, they can be easily adapted and expanded using the NIST framework to respond within a larger or enterprise corporation.
WHAT SHOULD I CONSIDER IN MY CYBERSECURITY RESPONSE PLANNING?
Here is a standard checklist of items you should already have in place before a breach:
- Privacy Policy (for collecting client data)
- Security Policy
- Social Media Policy
- Security Controls (for performing high-security actions, such as online banking)
- Cybersecurity Insurance
WHAT IS A CYBERSECURITY BREACH?
A data or cybersecurity breach is an incident where sensitive or otherwise confidential data has either been viewed or stolen by an unauthorized individual. This could be anyone, from an internal employee or third-party contractor to a hacker or cybercriminal outside your organization.
A cybersecurity breach can affect individuals as well as organizations. A data breach can include Personal Health Information (PHI) or Personally Identifiable Information (PII), such as:
- A driver’s license or state-issued ID card number
- Account numbers, including credit or debit cards, or bank account information
- Social Security Number
- And more
WHAT HAPPENS AFTER IDENTIFYING A BREACH?
If you’ve determined and confirmed that your organization has experienced a security breach or cybersecurity incident, you’ll need to take the following steps:
- Secure your operations: Work with a third-party IT provider, such as Concensus, to help you identify the breach and secure your organization against ongoing or future attacks. We can further guide you by assembling a team that includes independent forensics investigators and possibly legal counsel.
- Fix your vulnerabilities: Your IT provider will perform a thorough review of the vulnerabilities that led to the breach, and work to fix them immediately.
- Notify appropriate parties: Determine your legal requirements. Each state has different legislation when it comes to notifying parties and stakeholders of a security incident. You’ll also want to contact your cybersecurity insurance provider immediately. If you suspect fraud or foul play, you’ll also want to contact legal authorities.
For additional tips and information, see the Federal Trade Commission’s guide for businesses.
WHAT’S NEXT?
At Concensus, our IT experts are here to help you formulate your organization’s complete cybersecurity defense plan. We’ll work with you to create a cybersecurity risk mitigation and incident response plan that implements multi-layered approaches to limit your organizational vulnerabilities and risk.
Our process will help you with:
- Physical Security
- Perimeter Security
- Network Security
- Endpoint Security
- Data Security
Our team can also help with prevention and policy management, monitoring and response, and more.