Who is in charge?

A strong cyber security response plan requires clearly defined roles and responsibilities. Many organisations default this responsibility to the legal counsel, but crisis experts note that although lawyers should be available to advise, they are not the best choice to lead a response. Effective incident response requires organisational and administrative abilities as well as technical knowledge, if not hands-on technical skills. The choice of this leader can vary depending on the organisation and the personnel available, but it should be someone with an understanding not only of the IT systems but also how they support your organisation’s mission and business operations. In a larger organisation, the CIO or CISO would be the best place to start, but in smaller companies, business owners will likely need to be more hands-on. The important thing to remember is that, post-breach, clear lines of communication are required for prompt and decisive actions. Determine this in advance. A documented response plan will cover how your micro business will work with the primary response team for data recovery and continuity of operations. It will lay out responsibilities and help to ensure effective decision making in crisis mode.

Test, adapt and test again

A static ‘shelf ware’ plan will not address your incident response needs. This is particularly true as the threat landscape continues to evolve. It is critical to battle-test readiness through live drills to help prevent company paralysis when a data breach or other incident occurs. Drills can help uncover deficiencies in planning and implementation, so that plans can be updated as needed. Periodic testing and updating is necessary to keep your cyber incident response plan effective. Having a documented and evaluated incident response plan demonstrates to customers and regulators that your business is taking responsible steps to anticipate and mitigate the risk of threats. By taking a proactive, layered approach to security, and ensuring security best practices are part of your organisation’s DNA, you will put yourself in the strongest position to manage cyber-attacks.

John Worrall is chief marketing officer at CyberArk