What is a Cyber incident?
According to the National Cyber Security Centre (NCSC), a cyber incident is:
“A breach of a system’s security policy in order to affect its integrity or availability and/or the unauthorised access or attempted access to a system or systems; in line with the Computer Misuse Act (1990).”
Irrespective of the nature of your organisation, its size, and the variety of systems used, it is highly likely you will suffer a cyber security incident at some point. Hopefully, it will be minor and cause limited damage, but there is always the risk of a major incident that has a significant impact on your organisation. So this needs to be a permanent entry on your risk register. Incident response starts with preparation and planning.
Incident Response: planning & preparation checklist:
Have a plan and supporting documentation
The Plan should set out who is in your incident response team (IRT), their roles and responsibilities and authority level requirements for invoking the Plan and mobilising the IRT. The Plan should be supported by documents setting out strategies for responding to specific threats and containing and recovering from them.
Have a team warmed up and ready to go
It is important to know who forms part of your IRT (and to keep it updated when people leave or move positions). Members need to know their own and each other’s roles and responsibilities, and they all need each other’s contact details to hand, not just on tech systems that might be affected by the incident. Train your IRT members on the contents of the Plan and the supporting documentation.
Identify relationships and authorities
Although your IRT is primarily focused on systems, input will be required from other functions in the business. This will almost certainly include those with responsibility for finance, legal and data protection / DPO (where applicable) and will likely include any HR and facilities staff, as well as other functions.
Agree primary and secondary backup communication methods
It’s extremely important to ensure you have backup communication methods if your primary communication tools have been affected by the incident.
Have incident analysis resources available
Think about the minimum hardware and software tools you could require during an incident, ensure they are available and that incident responders know how to use them.
Train, practise and prepare for an incident
Prepare your IRT for the incident by running awareness training, page-turn walkthroughs of the Plan and tabletop incident exercises.
Clearly, no one wants to be hit by a high-impact incident, but if you are, your organisation will be in a much better place to mitigate the threat if you follow the steps set out above.
If you do suffer from a cyber-attack, there are some critical steps you should follow for successful recovery, as well as some post-incident activities – view our Incident Response Recovery checklist.
Evalian are cyber security experts who are experienced in supporting organisations with incident response and providing internal employee training exercises such as phishing awareness assessments. They are CREST accredited and are also a certification body for Cyber Essentials & Cyber Essentials Plus.