In our current economic environment, it goes without saying that ALL organizations should have an active Incident Response (IR) Plan in place. Companies should have a policy that defines in specific terms what constitutes an information security incident, and provides a step-by-step process to follow when and if an incident should occur. If your company has a plan in place, be aware; the best practices continue to evolve, and so should your plan. Having clear goals in the event of a data breach will only serve to make the process less painful.
Michael Whitcomb, President and CEO of Tampa based IT Security firm, Loricca, Inc. states, “Having an Incident Response plan in place, will allow you to promptly and properly reduce the impact and overall costs associated with a breach”.
It’s All About You!
Ever heard the saying, “Worry about your own house”? Plan for instances that effect your organization! Preparation and identification should be the first steps to handling an incident. Ask yourself, what is your company or organizations largest threat, and how would a breach benefit a hacker/criminal? The answer(s) will lead to a root set of causes for breach attempts. Focus on what is possible, but don’t be afraid to think outside of the box.
Practice Makes Good…Not Perfect.
Once the IR plan is written, throwing it in a binder to sit on closet shelf does no good. Being proactive and truly prepared in your company’s policy and more importantly, educating your staff is your best course of action. Plans must be reviewed, drilled and updated regularly to remain worthwhile. A good rule of thumb should be “practice makes better, not perfect”. Enlisting the help of outside help to be on “stand by” is always a safe bet, you can count on.
Tick Tock, Tick Tock.
IR teams should always be looking for ways to improve response times. Think in terms of minutes, not hours or days. An internet outage of more than one hour is considered significant. With today’s instant access to Social media, the chatter can very quickly rage out of control like a wild fire. “Containment” should be first and foremost should an incident occur. Move quickly. Determine possible entry points. Extinguish the flame!
Act Now, Think Later…Sort of!
The cause of the breach may not be immediately known, but that should not hinder you from restoring or providing top-notch service to your customer. Identifying the cause of the breach can take weeks or months, but having an IR Plan in place will allow you to quickly contain the threat, destroy it, and keep your focus on the customer. Getting things back to normal as quickly as possible will be instrumental in how your customer views your level of integrity.
According to the updated NIST Incident Handling Guide “During the chaotic first minutes when a computer system is under attack, having a well-prepared incident response plan to follow ensures that steps such as alerting other agencies or law enforcement occur in the correct order”.
All organizations regulated by HIPAA are required to document and report security incidents per regulation § 164.308(a)(6)(ii) . The path from investigation to notification begins with discovery and initial investigation of the security incident, followed by a determination as to whether there was a security breach and a subsequent privacy breach, followed by breach notification.
Loricca’ s experienced Team has assisted many organizations across the country to be prepared for any unforeseen events by mitigating risk and satisfying regulatory requirements with an effective Incident Response Plan and on-call Response Team. Loricca is a national provider of IT security and regulatory compliance solutions.