
Handling a Security Incident: 8 Steps You Need to Know


Worried about the possibilities of a cyber security incident in your workplace? Odds are your nightmares could easily become a reality.


According to WhiteHat’s 2013 Website Security Statistics Report, 86 percent of all websites had at least one serious vulnerability during 2012, with information leakage topping the charts as the most prevalent vulnerability across these sites. The risks don’t stop there: Google has also reported that between 12 and 14 million web searches return hacked sites every day, and that these infected sites are more likely to infect computers with malware than spam email is.


Fortunately, a little preemptive planning can go a long way to helping your business address and recover from a cyber security incident. If the threat of an incident is keeping you up at night, take some time to build an incident plan with the following steps:


1. Build a Communication Plan Ahead of Time. You may want to select a specific conference bridge, set up a calling tree, and determine how your team members will contact one another if your phones and email are down.


2. Identify an Incident Response Manager. This person should have the most knowledge on your systems, third-party relationships and best points of contact. Be sure this person is aware that he or she might be asked to respond to an event at all hours of the day.


3. Identify Your Primary Incident Response Team. Take note of what their roles might be in the event of an incident and how they can be contacted, both during work hours and after hours.


4. Identify Your Secondary Incident Response Team. These team members may not need to be contacted after hours; however, taking note of their supporting roles and how they can be contacted during various times of the day is still advisable. Remember that members of this team could be responsible for providing primary support if one of your primary team members is unavailable.


5. Identify a Crisis Contact with Your Internet Service Provider. If you’re suffering from a DDoS or DoS attack (learn more here), you’ll want to have a reliable contact within your ISP. This person can help you “blackhole” an attack, implement blocking or provide additional support to your team as they fight off the attack.


6. If You Have One, Know How to Reach Your Managed Service Provider. A good managed service provider will be available at all hours of the day—be sure you know how to reach them if an incident occurs at 2 a.m.


7. Distribute Your Response Plan to the Appropriate Parties. Be sure to include everyone from the incident response teams and your company’s management teams.


8. In the Event of an Attack, Determine Your Strategy. Every attack will be different, and your strategy for handling the attack could be, too. For some attacks, you can consider watching and learning from the attack: this could help you prevent or mitigate similar attacks in the future. For other types of attacks, it may be in your best interest to fight and recover as quickly as possible. If an attack occurs, be prepared to determine your best course of action.


Want to learn more about preparing your business for security incidents? Read more about our security and compliance consulting services here.
