Have You Been Hacked? Here’s the First Thing You Should Do
December 04, 2019
Do you have an Incident Response Program (IRP) in place in the event of a cyber breach? What happens if you’re caught without one in the midst of an attack? We explore here.
Picture this…you’re a CEO and your worst nightmare just became a reality. Your organization has been hacked and you don’t know what action to take. The next steps after realizing the organization’s network has been breached are critical to limit any further negative consequences. Hopefully the organization has a formal documented incident response program (IRP) that can be followed. In the event you are caught without a formal IRP, there are important steps you should take.
Incident Response Program
An IRP is a well-planned formal guide for how your organization will react in the event of a network security breach or cyber-attack. The goal of the plan is to reduce disaster recovery time, minimize damage and mitigate breach-related expenses. The best approach is to keep it simple and specific.
The following can be a starting point for the development or improvement of your organization’s IRP.
- Conduct a Complete Risk Assessment – Identify the likelihood vs. severity of risks in critical areas.
- Build an Incident Response Team – Specifically, name those with decision-making authority. Your Incident Response Team is in charge of preparing for and reacting to any type of organizational emergency. Team members are well equipped to cope with a wide range of unforeseen security incidents.
- Identify Key Stakeholders – It’s important to pinpoint those who could be impacted (e.g., customers, vendors, employees).
- Define Security Incident Types – Clear definitions help you know exactly when to initiate your plan.
- Inventory Resources & Assets and Plan a Hierarchy of Information Flow – Have a full understanding of the systems and resources available. Then create a hierarchy of the steps needed to execute different processes.
- Prepare a Variety of Public Statements – Protect your organization’s reputation from the outset.
- Prepare an Incident Event Log – Document all steps taken during and after the incident so the plan can be reviewed, assessed for effectiveness and improved.
Key Steps to Take Without an IRP
While it’s important that your organization eventually puts together an IRP, if you’re caught without one after a hack, you can still handle it effectively. Communication can go a long way during the period after the attack. It’s critical that there is open communication both internally (involving everyone who can help, such as management, information technology and public relations) and externally (communicating directly with clients and customers through official media releases).
Basic first steps could be:
- Take ownership – Acknowledge that an incident has occurred and be as transparent as laws and circumstances warrant.
- Provide details – Explain the situation in a manner that informs your customers without being too specific on details.
- Mitigate – Describe solutions for affected individuals. Possibly prepare special offers for them.
- Educate – Treat it as a situation to learn and improve from in all aspects (e.g., the steps taken after the breach), not just the network link that was attacked.
Taking this approach will allow your organization to control the conversation in a way the public can respect. Doing so will give you the best chance of retaining your customer and vendor base and their trust.