If you’re sitting in the middle of a cyber attack calm and cool as a cucumber, it’s because YOU have an Incident Response Plan (IRP). You know what to do, where to be, and as soon as you get everyone’s attention, you’ll be able to bring order to the chaos.
Download this Cyber Incident Response Plan Cheat Sheet PDF to share with your team.
Let’s start with the timeline for your Cyber Incident Response Plan - Before the Incident, During the Incident, and After the Incident.
BEFORE THE INCIDENT
1. Definitions Matter
Make sure your team understands the difference between an Event and a Crisis; Incident and Breach; and Ticket and Case.
2. What Is Your Name?
Don't make introductions during a crisis. Ensure everyone involved in the IRP knows each other before an incident occurs.
3. Where Is Joe?
Ensure the people who are activating the IRP are on stand-by.
4. Practice Makes Perfect
PRACTICE, PRACTICE, PRACTICE! It doesn't do anyone any good to build a plan, place it on the shelf and not use it until you need it. PRO TIP: when you do a simulation, send a few people to get coffee and check if the rest of the team can figure out what to do.
5. Who Has A Hard Copy?
Everyone who is involved in the IRP should have a hard-copy wherever they are.
DURING THE INCIDENT
1. Always Communicate
Make sure to control the message. You don't want someone to tweet about it.
2. The Next Update Is In...
Keep regular cadence with those who need to know updates at a specific time. This will not only limit the amount of people knocking on your door every 5 minutes asking for updates.
3. Can I Talk To The Manager?
If there is a vacuum in leadership, people will run everywhere. Establish a chain of command and clarify what people are not supposed to do.
AFTER THE INCIDENT
1. Reflect On What Happened
Take the time to think about how the incident occurred, what you can do to prevent another one, how your team responded to the incident, and the overall effectiveness of your IRP.
2. Invest Time In A Review
Devote the same amount of time AFTER the incident as you did DURING the incident.
3. Provide Feedback
Be sure to acknowledge those team members who did well and provide additional training to those you didn't.
More Security Awareness Training Downloadable PDFs
Hear from the Experts
In this Wizer "Back to the Basics" Webinar in partnership with SideChannel, learn everything you need to know about Incident Response Plan and how to build an effective one from this powerhouse panel of cyber security experts.
Why Security Awareness is Key
It's not secret that many of the incident start with a social engineering attack like phishing or spear phishing. So beyond training the IR team, it's wise to ensure employees are also training on how to avoid becoming a target. This is usually done through security awareness training and phishing simulation. Wizer Security Awareness Training offers both. We mastered the power of short stories to make security awareness training relatable and memorable. And best of all, you can start free and upgrade later.