Your Customer Will Be Cyber Attacked: Now What?
In today’s highly complex cybersecurity landscape, you must have a true plan to implement when the time comes, and an incident occurs. An incident response plan is a written and tested set of policies and procedures that you can use to report, identify, contain, and eliminate cyberattacks. The purpose of the incident response plan is to enable an organization to quickly detect and halt attacks, minimize damages, expedite recovery, and prevent future attacks of the same type from happening again.
Do you have one that you share—and review regularly—with your customers? If not, I suggest you create one as soon as possible. You don’t want to get caught without one, jeopardizing your business relationship and maybe even your reputation. And even if you do have one, here’s a sample incident response plan outline to get you started or to compare with your current plan.
Identify, Assess and Contain
This first step is critical to gaining the trust of your customer and minimizing potential damage caused by the breach.
- Identify the internal and external team to work the response (CEO, CFO, insurance, lawyers, etc.)
- Identify what happened and where it came from
- Contain and protect other systems and critical components
- Assess the impact in terms of loss (confidential information, financial impact, reputation loss, etc.)
- Try to limit incident impact on the organization and their customers