By Christopher Moschella, CPA, CISA, Risk Advisory Services Senior Manager
Organizations of any size should have some type of incident response plan. An incident response plan outlines the steps your company takes when responding to cyber incidents. Smaller companies or companies without complex IT infrastructure might incorporate the cyber incident response plan into their overall incident response plan, which may cover situations like inclement weather, an employee who doesn’t report to work, or other work-related emergencies.
Incident Response Plans
Companies with complex IT infrastructure should have a dedicated IT incident response policy that can deal with system outages, performance issues, and cyber incidents.
Incident response plans, as one might expect, should include the steps to follow to identify, contain, and recover from an incident. But an incident response plan can also address:
- How to identify severity ratings for an incident
- Roles and responsibilities
- Etiquette
- Employee expectations and more
An important part of responding to a breach is not making the situation worse. As your technical teams work to deal with an incident, avoid using the word “breach”; use “incident” instead. The term breach may be interpreted by courts as acknowledgement of stolen data.
If you suspect you have a breach, your first call should be to your cyber insurer, if you have one. Your second call should be to your cyber attorney. Once you have an experienced cyber attorney in your corner, let him or her direct all further activities in responding. Your attorney will help you make public statements without incriminating yourself, comply with breach notification laws and other regulations, and potentially protect your internal research into the breach under attorney-client privilege to prevent it from being discoverable, should the breach result in litigation.
Actionable Steps
- Implement, at a minimum, a basic incident response plan
- If you think you have a breach:
  - Don’t use the word “breach”; use “incident”
  - Call your insurer
  - Call your cyber attorney
  - Do what your attorney says
The content in this article covers just one aspect of cybersecurity that small to mid-size businesses need to address.