Navigant's Cyber Risk and Information Security PracticeLearn More


Developing an IT Incident Response Program24 August 2017

IT Security, Risk Management

Imagine being a user on a Friday afternoon, when suddenly, a pop-up indicates that your files are now encrypted and require 20 bitcoins payoff to regain access! Clearly, all signs point to a ransomware attack.  Ransomware being a type of malware that hold files hostage until a payment is made, a lucrative attack in today’s environment. Besides contacting IT, what is the next move?  Well for too many organization today, contacting IT is the only move, which is why developing an incident response program is so important.

IT scenarios that require an incident response come in many forms and effect each organization differently. Having an incident response program in place to address the results of a security breach or a cyber-attack is crucial to limiting the cost and increasing recovery time.  Whether your company has a single office or locations worldwide, developing an incident response program will provide the required guidelines on responding to a security breach.

The ransomware example above is a popular attack affecting large corporations, hospitals, and institutions that have the resources to develop such a program.  If your organization is late to this game do not sweat it, the following is a short list of items to include when developing your own Incident Response Program.

  • Select team members – During the process of developing this program you should reflect team members either by name or by job title. When selecting these members, choosing employees who are familiar with company processes and procedures is key and, it certainly does not hurt to have someone from IT!
  • Define what an incident might mean – Each organization is setup differently so what might be a critical event in one office might be very low on the totem pole for another. This might mean taking a good look at where your data is located and figuring out what an attempted attack might look like.  Spending a lot of time here is usually worth it.
  • Conduct employee training – Not only for the members of the team but the entire company. Team members need to be familiar with their area of expertise and equipped to make quick, accurate decisions.  Additionally, they need to know what to look for and how to report it in an effort to stop the spread.  Coordinating a training event is just like going to baseball practice, it will identify weaknesses in your approach and provide immediate feedback.

It may seem like all the technology has only made things harder and that developing an incident response plan 17 years ago was only what militaries did.  But the reality is, anyone connected to the internet can get close to your digital “front door” and some even knock.  It is not enough to rely on software and hardware for protection and a serious conversation about how to handle possible situations needs to take place. If you would like more information on developing an Incident Response Program, please contact us.

Work With Us Learn How