5 Things to Prepare for a Security Incident
You’ve heard the saying, “Failing to plan is planning to fail.” When it comes to your business network, that phrase could not be truer. Planning for a security incident is a vital piece of your network’s health. Most small businesses employ outside IT support, who won’t always be onsite at the start of a security breach. That means you will need to have a plan in place to deal with the incident until help can arrive to resolve the problem.
5 Things to Do to Prepare For a Security Incident
Determine What Is an Incident
The first part of your plan is to determine what actually constitutes a security breach that requires a response. Obviously, something as large as a database hack involving customer financial information would be at the top of the list. Something as small as an individual with a virus could also make the list, as a virus’s main goal is to spread. Ransomware incidents should also be considered, as ransomware can infect multiple devices on a single network once deployed. One person with a pop-up saying they have a virus may not require the full response team, though. A simple phone call to your managed IT support company can typically resolve that.
What First Steps Need to Be Taken
The minutes following the discovery of a breach can be critical. Time could be the difference between ten customers’ data being compromised and thousands. Depending on where the security incident has occurred, your plan needs to specify what actions will immediately follow. If the breach is limited to one of your servers, will you shut down that particular machine? Remove it from the network? Shut down the internet to the entire network? The steps taken should be a measured response to the risk posed, so make sure to determine exactly what will happen in various scenarios.
Who Needs to Know
Once a breach has been discovered, there will need to be a plan in place to notify individuals. The best thing to do in this part of your plan is to write the job titles that will be informed, instead of individual names. This will keep your plan current despite employee changes. You may even need to think outside the box here a little, as some individuals that may need to know about the breach aren’t those you would immediately think about. For example, your PR team or firm will need to know, especially if customer data has been leaked.
How Will Everyone Be Notified
During a security incident, it can be hard to think straight. Outlining exactly how each person will be notified of the incident frees your mind to think about other implications of the breach. For your managed IT support firm, a phone call is probably the best way to inform them, since they will need to act on it right away. For others who do not need to act and only need to know that it happened, an email could suffice.
Test and Revisit
Once you have a plan in place, do a couple of dry runs. Come up with scenarios you read about in the news like the WannaCry ransomware, or the Google Docs phishing scam. Act as if the incident has happened to your company and test out your plan. After the plan has been executed, revisit it and change things that didn’t work for you. Do this at least once a month. With practice, you will be able to react calmly and effectively to any security incident.
The next time a security incident happens at your office, you will be prepared to handle it. If you need help and have questions about managed IT services, don’t hesitate to call Protek at 801.290.0389.
Eric is the owner and CEO of Protek Support and is a CISSP (Certified Information Systems Security Professional). He graduated from Utah State University with a Bachelor of Science degree in Business with an emphasis in Information Technology (IT). He is an IT services expert in a variety of technology-related fields, including document management software and hardware, enterprise-level networking and VoIP phone systems, large-scale software implementation projects, and the setup of small business networks.