With businesses storing much of their information online nowadays, cyber-security is of the utmost importance. No matter the size of your business, it is necessary to have an incident response plan in the case of a cyber-security breach. An incident response plan is a document that businesses use to detect, respond to, and resolve issues of cybersecurity. Consider this your disaster recovery protocol.
According to the SANS Institute, your incident response plan should include 6 parts: Preparation, Identification, Containment, Eradication, Recovery, and Reflection. In addressing threats to cyber-security, your business personnel should know who to contact in case of a potential threat, both internally and externally. There also needs to be a widely-distributed methodology for reporting crimes to management, customers, and outside agencies. In the event of a breach, your plan should also lay out the execution strategy to monitor and limit the breach.
Overall, this incident response plan should be tested annually so everyone knows their responsibilities to protect your business’s assets and clientele. Your defense strategy and its effectiveness could make the difference between a minor hiccup and a monumental corporate disaster. For help crafting your incident response plan and other legal advice regarding cyber-security, contact the attorneys at Rock Fusco & Connelly.